Source: pypy3 X-Debbugs-CC: [email protected] Severity: important Tags: security
Hi, The following vulnerability was published for pypy3. CVE-2025-69534[0]: | Python-Markdown version 3.8 contain a vulnerability where malformed | HTML-like sequences can cause html.parser.HTMLParser to raise an | unhandled AssertionError during Markdown parsing. Because Python- | Markdown does not catch this exception, any application that | processes attacker-controlled Markdown may crash. This enables | remote, unauthenticated Denial of Service in web applications, | documentation systems, CI/CD pipelines, and any service that renders | untrusted Markdown. The issue was acknowledged by the vendor and | fixed in version 3.8.1. This issue causes a remote Denial of Service | in any application parsing untrusted Markdown, and can lead to | Information Disclosure through uncaught exceptions. https://github.com/Python-Markdown/markdown/issues/1534 https://github.com/python/cpython/issues/77057 https://github.com/python/cpython/commit/76c0b01bc401c3e976011bbc69cec56dbebe0ad5 (v3.15.0a1) If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-69534 https://www.cve.org/CVERecord?id=CVE-2025-69534 Please adjust the affected versions in the BTS as needed.

