Use-after-free vulnerability was found in tidy caused by mishandling cnotrol characters, especially NULL character. Upstream bug: https://github.com/htacg/tidy-html5/issues/341 Upstream fix: https://github.com/htacg/tidy-html5/pull/368
Created tidy tracking bugs for this issue: Affects: fedora-all [bug 1312883] Affects: epel-all [bug 1312884]