Your message dated Wed, 26 Aug 2020 13:03:58 +0000
with message-id <[email protected]>
and subject line Bug#965981: fixed in ruby-commonmarker 0.21.0-1
has caused the Debian Bug report #965981,
regarding CVE-2020-5238
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
965981: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965981
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ruby-commonmarker
Severity: important
Tags: security

This was assigned CVE-2020-5238
https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85
https://github.com/github/cmark-gfm/commit/85d895289c5ab67f988ca659493a64abb5fec7b4

And ruby-commonmarker seems to embed a copy of cmark-gfm.

Cheers,
        Moritz
        

--- End Message ---
--- Begin Message ---
Source: ruby-commonmarker
Source-Version: 0.21.0-1
Done: Cédric Boutillier <[email protected]>

We believe that the bug you reported is fixed in the latest version of
ruby-commonmarker, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Cédric Boutillier <[email protected]> (supplier of updated ruby-commonmarker package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 26 Aug 2020 14:30:21 +0200
Source: ruby-commonmarker
Architecture: source
Version: 0.21.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Team <[email protected]>
Changed-By: Cédric Boutillier <[email protected]>
Closes: 965981
Changes:
 ruby-commonmarker (0.21.0-1) unstable; urgency=medium
 .
   * New upstream version 0.21.0
     + improve order of magnitude of the time to parse input, fixing possible
     denial of service [CVE-2020-5238] (Closes: #965981)
   * Watch file moved to version 4
   * Refresh packaging with dh-make-ruby -w
   * Enable tests
     + skip test_spec.rb and test_smartpunct.rb as they need cmark test files

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
