On Tue, 29 Nov 2022, Chris Hofstaedtler wrote:
* Sebastian Ramacher <[email protected]> [221129 11:21]:
Source: cmark-gfm
Version: 0.29.0.gfm.6-2
Severity: serious
Tags: ftbfs
Justification: fails to build from source (but built successfully in the past)
https://buildd.debian.org/status/fetch.php?pkg=cmark-gfm&arch=s390x&ver=0.29.0.gfm.6-2&stamp=1666810004&raw=0
--- expected HTML
+++ actual HTML
@@ -7,15 +7,15 @@
<p><a href="mailto:[email protected]">[email protected]</a>/<a
href="mailto:[email protected]">[email protected]</a></p>
<p><a href="mailto:[email protected]">mailto:[email protected]</a></p>
<p>This is a <a
href="mailto:[email protected]">mailto:[email protected]</a></p>
-<p><a href="mailto:[email protected]">mailto:[email protected]</a>.</p>
+<p>mailto:<a href="mailto:[email protected]">[email protected]</a>.</p>

This is caused by an out-of-bounds read on a memory buffer, which
seems to be masked by stack layout on little-endian archs(?).

PR for upstream is here:
https://github.com/github/cmark-gfm/pull/296/files

I've verified on zelenka.d.o this fixes the build failure.

Thanks for the fix, Chris! I was trying to look into this myself earlier.

@Keith, do you have time to upload this patch? Unfortunately, this is
blocking a large number of packages from migrating to testing.

Alternatively, any objections to an NMU?

Thanks,
Scott