python-cmarkgfm (2024.11.20-1)
[PTS] [DDPO]
OK: VCS matches the version in the archive
- Git: https://salsa.debian.org/python-team/packages/python-cmarkgfm.git
-
- Branch: debian/master
- Path: debian/changelog
- Repo size: 790528
- Browser: https://salsa.debian.org/python-team/packages/python-cmarkgfm
- Last scan: 2025-07-12 00:26:03+00
- Next scan: 2025-07-19 19:00:00+00
- Debian changelog in Git:
python-cmarkgfm (2024.11.20-1) unstable; urgency=medium
* Team upload.
* d/watch: Switch back to PyPI, since its tarballs include submodule
contents.
* New upstream release (closes: #1072833):
- CVE-2022-39209: Remove polynomial time complexity in autolink
extension (closes: #1034887).
- CVE-2023-22483: Quadratic complexity bugs may lead to a denial of
service.
- CVE-2023-22484: Quadratic complexity bug in handle_pointy_brace may
lead to a denial of service.
- CVE-2023-22485: Out-of-bounds read in validate_protocol.
- CVE-2023-22486: Quadratic complexity bug in handle_close_bracket may
lead to a denial of service (closes: #1033111).
- CVE-2023-24824, CVE-2023-26485: Fix quadratic behavior in rendering
(closes: #1034172).
- CVE-2023-37463: Quadratic complexity bugs may lead to a denial of
service (closes: #1041098).
-- Colin Watson <cjwatson@debian.org> Wed, 23 Apr 2025 10:54:43 +0100
- This branch is even with tag debian/2024.11.20-1