[Deepin Integration]~[v25-Release] fix: CVE-2026-8829 heap-use-after-free in _decode_entities by hudeng-go@deepin-community/libhtml-parser-perl by deepin-community-ci-bot[bot]

[deepin-bot]

Package information | 软件包信息

包名	版本
libhtml-parser-perl	3.76-1deepin1

Package repository address | 软件包仓库地址

deb [trusted=yes] https://ci.deepin.com/repo/obs/deepin:/CI:/TestingIntegration:/test-integration-pr-4140/testing/ ./

Changelog | 更新信息

libhtml-parser-perl (3.76-1deepin1) unstable; urgency=medium

• Fix CVE-2026-8829: heap-use-after-free in _decode_entities
  When the input SV passed to _decode_entities is the same SV stored as a
  self-referential value in the entity hash, grow_gap() could realloc the
  SV's PV buffer, leaving repl pointing at freed memory. Copy the entity
  value into an owned buffer when the hash entry SV aliases the input SV.

[deepin-bot]

Integration Test Info

Test suggestion | 测试建议

Influence | 影响范围

ADDITIONAL INFORMATION | 额外补充

[deepin-bot]

IntegrationProjector Notify the author
@hudeng: Integrated issue updated

[deepin-bot]

IntegrationProjector Bot
Deepin Testing Integration Project Manager Info
Link to deepin-community/Repository-Integration#4140