Your message dated Sat, 04 Jul 2026 16:17:07 +0000
with message-id <[email protected]>
and subject line Bug#1123672: fixed in pymdown-extensions 10.13-1+deb13u1
has caused the Debian Bug report #1123672,
regarding pymdown-extensions: CVE-2025-68142
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1123672: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123672
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: pymdown-extensions
Version: 10.13-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 10.13-1

Hi,

The following vulnerability was published for pymdown-extensions.

CVE-2025-68142[0]:
| PyMdown Extensions is a set of extensions for the `Python-Markdown`
| markdown project. Versions prior to 10.16.1 have a ReDOS bug found
| within the figure caption extension (`pymdownx.blocks.caption`). In
| systems that take unchecked user content, this could cause long
| hanges when processing the data if a malicious payload was crafted.
| This issue is patched in Release 10.16.1. As a workaround, those who
| process unknown user content without timeouts or other safeguards in
| place to prevent really large, malicious content being aimed at
| systems may avoid the use of `pymdownx.blocks.caption` until they're
| able to upgrade.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-68142
    https://www.cve.org/CVERecord?id=CVE-2025-68142
[1] 
https://github.com/facelessuser/pymdown-extensions/security/advisories/GHSA-r6h4-mm7h-8pmq
[2] 
https://github.com/facelessuser/pymdown-extensions/commit/b50d15a56850ed1408a284bba81cc019c6bd72e8

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: pymdown-extensions
Source-Version: 10.13-1+deb13u1
Done: Adrian Bunk <[email protected]>

We believe that the bug you reported is fixed in the latest version of
pymdown-extensions, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk <[email protected]> (supplier of updated pymdown-extensions package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 22 Jun 2026 16:39:55 +0300
Source: pymdown-extensions
Architecture: source
Version: 10.13-1+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian Python Team <[email protected]>
Changed-By: Adrian Bunk <[email protected]>
Closes: 1123672
Changes:
 pymdown-extensions (10.13-1+deb13u1) trixie; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2025-68142: ReDOS in Figure Capture extension (Closes: #1123672)
Checksums-Sha1:
 890a0de3dca9924bc1411b80ff21f6b45898dfd1 2386 
pymdown-extensions_10.13-1+deb13u1.dsc
 2198a4c63e03e5d7ae42825cb75f6a1899e1f96e 1129075 
pymdown-extensions_10.13.orig.tar.gz
 f5cb587564e64e63c0009cffdace77d8f6a3cb9a 4888 
pymdown-extensions_10.13-1+deb13u1.debian.tar.xz
Checksums-Sha256:
 49db90f84dcaa22333f12056240626eb93fc7f664220655d59ffcdaded993f9b 2386 
pymdown-extensions_10.13-1+deb13u1.dsc
 44bdc51b81508a5d4ff9f3c217cf7966a1ea37b9132e53bc79e2ea068c0c6ab8 1129075 
pymdown-extensions_10.13.orig.tar.gz
 92224263c24fde7185bf5312b9acaf9df15d924ed4131dec07cf2b13d641be19 4888 
pymdown-extensions_10.13-1+deb13u1.debian.tar.xz
Files:
 dad676111b4880e0c07ef6695433c1f1 2386 python optional 
pymdown-extensions_10.13-1+deb13u1.dsc
 a026cdb85819b19b4aada9107ff4c81a 1129075 python optional 
pymdown-extensions_10.13.orig.tar.gz
 40ab6b41d4d285ad9b164d62eed4943e 4888 python optional 
pymdown-extensions_10.13-1+deb13u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmo5PoMACgkQiNJCh6LY
mLGILhAArJXAntxxQswXH3/PQ/JxKhcoWTN8WSpbDr4HfrHUTJR8KbHuoy8l9lts
CNbDYiCcddoT5aPub2KRJOq7czjy7d0+lgowvpowqfoCtdS/OE9n7JDoWUzlnDI4
o1Ye5bWeyP1Rj5heS4SLL8SGLMi2XTJ14TRHmXt77hHpRt/Fy9qD1/QOUokrjYu0
CLiKqEqtyiMG/dS9OeM4MG8av3ldZMaroszWkU09W9wiGLpX+mRdOirLW/6pAV19
RcjZlrrKhLCSbMo2mu7FNtRXsYaB7OFrvzH+bUD25Xb34CgdLgUUOqi0iFSFZMv1
NG5k9JY8jvjjd2u+SpTVlr9XSKKeVyAJu7Xo1ZIty4USu4mUX9qecGckZnmdh7Wc
fNwTBVz/sfMm5U3Nqda2eNfiN/aMnweASaDivfN3aTikiuVXerMZHzf2KYvBw3wo
Y5zxj+yhMVBkROTftlMzUC7xJrF+5M5M7g6ppPd0a/3s0TLD8I6k0fbLuuv+DDw7
O+6Fr1WxhMomITsI6vcUqk6OYOcYNAWbCZdCiECgkN9N0vrbRJh9fnwvEszNipFq
KjL3yUuKVmT+jW57DwIP7D5KM8w9G++UYYliUd+xUtxRVRL/xj17Zbr2gMtIeCtM
DDnfkLtHTTCxeyzypwCehFaFasBpNiZfIHi9ab5uDNWu1Cef4bM=
=933S
-----END PGP SIGNATURE-----

Attachment: pgpIb81_AWvIk.pgp
Description: PGP signature


--- End Message ---

Reply via email to