python-cmarkgfm (2024.11.20-1) [PTS] [DDPO]

OK: VCS matches the version in the archive

Git: https://salsa.debian.org/python-team/packages/python-cmarkgfm.git
JSON
Enter a full Vcs-* header, supported schemes are: Vcs-Bzr, Vcs-Cvs, Vcs-Darcs, Vcs-Git, Vcs-Hg, Vcs-Mtn, Vcs-Svn.
For Vcs-Git append -b branch to select the branch name; append [subdir] if the debian/ directory is not in the repository root.
The next upload will reset the information from the source package headers.
Branch: debian/master
Path: debian/changelog
Repo size: 790528
Browser: https://salsa.debian.org/python-team/packages/python-cmarkgfm
Last scan: 2025-07-12 00:26:03+00
Next scan: 2025-07-19 19:00:00+00

Debian changelog in Git:

python-cmarkgfm (2024.11.20-1) unstable; urgency=medium

  * Team upload.
  * d/watch: Switch back to PyPI, since its tarballs include submodule
    contents.
  * New upstream release (closes: #1072833):
    - CVE-2022-39209: Remove polynomial time complexity in autolink
      extension (closes: #1034887).
    - CVE-2023-22483: Quadratic complexity bugs may lead to a denial of
      service.
    - CVE-2023-22484: Quadratic complexity bug in handle_pointy_brace may
      lead to a denial of service.
    - CVE-2023-22485: Out-of-bounds read in validate_protocol.
    - CVE-2023-22486: Quadratic complexity bug in handle_close_bracket may
      lead to a denial of service (closes: #1033111).
    - CVE-2023-24824, CVE-2023-26485: Fix quadratic behavior in rendering
      (closes: #1034172).
    - CVE-2023-37463: Quadratic complexity bugs may lead to a denial of
      service (closes: #1041098).

 -- Colin Watson <cjwatson@debian.org>  Wed, 23 Apr 2025 10:54:43 +0100

This branch is even with tag debian/2024.11.20-1