[ Reason ]
libhtml-gumbo-perl has a security issue in the version in bookworm. We
don't feel that warrants a DSA, but would like to see it updated in
bookworm before the final point release.
Bug report for the security issue:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104789
CVE-2025-15646
[ Impact ]
Users of this package will be exposed to this security issue.
[ Tests ]
The package has built in test cases, these all pass.
The patch has been accepted upstream.
[ Risks ]
There is minimal risk.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
The change adds handling for the template HTML element.
[ Other info ]
I've been discussing this with Salvatore Bonaccorso.