Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected], [email protected]
Control: affects -1 + src:pymdown-extensions
User: [email protected]
Usertags: pu

  * CVE-2025-68142: ReDOS in Figure Capture extension (Closes: #1123672)
diffstat for pymdown-extensions-10.13 pymdown-extensions-10.13

 changelog                                                          |    7 ++
 patches/0001-Caption-pattern-should-match-a-literal-dot-2717.patch |   25 
++++++++++
 patches/series                                                     |    1 
 3 files changed, 33 insertions(+)

diff -Nru pymdown-extensions-10.13/debian/changelog 
pymdown-extensions-10.13/debian/changelog
--- pymdown-extensions-10.13/debian/changelog   2024-12-23 20:34:45.000000000 
+0200
+++ pymdown-extensions-10.13/debian/changelog   2026-06-22 16:39:55.000000000 
+0300
@@ -1,3 +1,10 @@
+pymdown-extensions (10.13-1+deb13u1) trixie; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2025-68142: ReDOS in Figure Capture extension (Closes: #1123672)
+
+ -- Adrian Bunk <[email protected]>  Mon, 22 Jun 2026 16:39:55 +0300
+
 pymdown-extensions (10.13-1) unstable; urgency=medium
 
   * Fix syntax error in Maintainer: field that confuses UDD & the Tracker
diff -Nru 
pymdown-extensions-10.13/debian/patches/0001-Caption-pattern-should-match-a-literal-dot-2717.patch
 
pymdown-extensions-10.13/debian/patches/0001-Caption-pattern-should-match-a-literal-dot-2717.patch
--- 
pymdown-extensions-10.13/debian/patches/0001-Caption-pattern-should-match-a-literal-dot-2717.patch
  1970-01-01 02:00:00.000000000 +0200
+++ 
pymdown-extensions-10.13/debian/patches/0001-Caption-pattern-should-match-a-literal-dot-2717.patch
  2026-06-22 16:39:24.000000000 +0300
@@ -0,0 +1,25 @@
+From af8860e515de142193a2bd05083135cae30c5969 Mon Sep 17 00:00:00 2001
+From: Isaac Muse <[email protected]>
+Date: Mon, 21 Jul 2025 20:46:55 -0600
+Subject: Caption pattern should match a literal dot (#2717)
+
+---
+ pymdownx/blocks/caption.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pymdownx/blocks/caption.py b/pymdownx/blocks/caption.py
+index c0023a64..34b6eaa9 100644
+--- a/pymdownx/blocks/caption.py
++++ b/pymdownx/blocks/caption.py
+@@ -31,7 +31,7 @@ from .. blocks import BlocksExtension
+ from markdown.treeprocessors import Treeprocessor
+ import re
+ 
+-RE_FIG_NUM = re.compile(r'^(\^)?([1-9][0-9]*(?:.[1-9][0-9]*)*)(?= |$)')
++RE_FIG_NUM = re.compile(r'^(\^)?([1-9][0-9]*(?:\.[1-9][0-9]*)*)(?= |$)')
+ RE_SEP = re.compile(r'[_-]+')
+ 
+ 
+-- 
+2.47.3
+
diff -Nru pymdown-extensions-10.13/debian/patches/series 
pymdown-extensions-10.13/debian/patches/series
--- pymdown-extensions-10.13/debian/patches/series      1970-01-01 
02:00:00.000000000 +0200
+++ pymdown-extensions-10.13/debian/patches/series      2026-06-22 
16:39:53.000000000 +0300
@@ -0,0 +1 @@
+0001-Caption-pattern-should-match-a-literal-dot-2717.patch

Reply via email to