An update for perl-HTML-Parser is now available for openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-2672 Final 1.0 1.0 2026-06-12 Initial 2026-06-12 2026-06-12 openEuler SA Tool V1.0 2026-06-12 perl-HTML-Parser security update An update for perl-HTML-Parser is now available for openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4 Objects of the HTML::Parser class will recognize markup and separate it from plain text (alias data content) in HTML documents. As different kinds of markup and text are recognized, the corresponding event handlers are invoked. Security Fix(es): HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities. The XS routine backing HTML::Entities::_decode_entities cached a pointer (repl) into the entity-value SV returned by hv_fetch on the entity2char hash. When the input SV was identical to a value SV in that hash, and that value contained its own key as an entity reference, a later call to grow_gap() reallocated the SV's PV buffer and freed the backing allocation that repl still pointed into. The subsequent copy loop read repl_len bytes from the freed allocation. The read may disclose adjacent heap contents into the destination SV.(CVE-2026-8829) An update for perl-HTML-Parser is now available for openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High perl-HTML-Parser https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2672 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-8829 https://nvd.nist.gov/vuln/detail/CVE-2026-8829 openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP3 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP4 perl-HTML-Parser-3.81-2.oe2403sp1.src.rpm perl-HTML-Parser-3.81-2.oe2403sp3.src.rpm perl-HTML-Parser-3.73-2.oe2003sp4.src.rpm perl-HTML-Parser-3.78-2.oe2203sp4.src.rpm perl-HTML-Parser-3.81-2.oe2403sp1.x86_64.rpm perl-HTML-Parser-debuginfo-3.81-2.oe2403sp1.x86_64.rpm perl-HTML-Parser-debugsource-3.81-2.oe2403sp1.x86_64.rpm perl-HTML-Parser-help-3.81-2.oe2403sp1.x86_64.rpm perl-HTML-Parser-3.81-2.oe2403sp3.x86_64.rpm perl-HTML-Parser-debuginfo-3.81-2.oe2403sp3.x86_64.rpm perl-HTML-Parser-debugsource-3.81-2.oe2403sp3.x86_64.rpm perl-HTML-Parser-help-3.81-2.oe2403sp3.x86_64.rpm perl-HTML-Parser-3.73-2.oe2003sp4.x86_64.rpm perl-HTML-Parser-debuginfo-3.73-2.oe2003sp4.x86_64.rpm perl-HTML-Parser-debugsource-3.73-2.oe2003sp4.x86_64.rpm perl-HTML-Parser-help-3.73-2.oe2003sp4.x86_64.rpm perl-HTML-Parser-3.78-2.oe2203sp4.x86_64.rpm perl-HTML-Parser-debuginfo-3.78-2.oe2203sp4.x86_64.rpm perl-HTML-Parser-debugsource-3.78-2.oe2203sp4.x86_64.rpm perl-HTML-Parser-help-3.78-2.oe2203sp4.x86_64.rpm perl-HTML-Parser-3.81-2.oe2403sp1.aarch64.rpm perl-HTML-Parser-debuginfo-3.81-2.oe2403sp1.aarch64.rpm perl-HTML-Parser-debugsource-3.81-2.oe2403sp1.aarch64.rpm perl-HTML-Parser-help-3.81-2.oe2403sp1.aarch64.rpm perl-HTML-Parser-3.81-2.oe2403sp3.aarch64.rpm perl-HTML-Parser-debuginfo-3.81-2.oe2403sp3.aarch64.rpm perl-HTML-Parser-debugsource-3.81-2.oe2403sp3.aarch64.rpm perl-HTML-Parser-help-3.81-2.oe2403sp3.aarch64.rpm perl-HTML-Parser-3.73-2.oe2003sp4.aarch64.rpm perl-HTML-Parser-debuginfo-3.73-2.oe2003sp4.aarch64.rpm perl-HTML-Parser-debugsource-3.73-2.oe2003sp4.aarch64.rpm perl-HTML-Parser-help-3.73-2.oe2003sp4.aarch64.rpm perl-HTML-Parser-3.78-2.oe2203sp4.aarch64.rpm perl-HTML-Parser-debuginfo-3.78-2.oe2203sp4.aarch64.rpm perl-HTML-Parser-debugsource-3.78-2.oe2203sp4.aarch64.rpm perl-HTML-Parser-help-3.78-2.oe2203sp4.aarch64.rpm HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities. The XS routine backing HTML::Entities::_decode_entities cached a pointer (repl) into the entity-value SV returned by hv_fetch on the entity2char hash. When the input SV was identical to a value SV in that hash, and that value contained its own key as an entity reference, a later call to grow_gap() reallocated the SV's PV buffer and freed the backing allocation that repl still pointed into. The subsequent copy loop read repl_len bytes from the freed allocation. The read may disclose adjacent heap contents into the destination SV. 2026-06-12 CVE-2026-8829 openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP3 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP4 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N perl-HTML-Parser security update 2026-06-12 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2672