Your message dated Tue, 02 Jun 2020 18:37:18 +0000
with message-id <[email protected]>
and subject line Bug#959445: fixed in python-markdown2 2.3.9-1
has caused the Debian Bug report #959445,
regarding python-markdown2: CVE-2020-11888
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
959445: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959445
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: python-markdown2
Version: 2.3.7-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/trentm/python-markdown2/issues/348

Hi,

The following vulnerability was published for python-markdown2.

CVE-2020-11888[0]:
| python-markdown2 through 2.3.8 allows XSS because element names are
| mishandled unless a \w+ match succeeds. For example, an attack might
| use elementname@ or elementname- with an onclick attribute.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-11888
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11888
[1] https://github.com/trentm/python-markdown2/issues/348

Regards,
Salvatore

--- End Message ---
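
The failure mode described in the CVE text above, as an added example that is not part of the original message and is not python-markdown2's own code: a hypothetical filter that only recognises a tag when the element name is a clean `\w+` run, compared with escaping all markup, plus an output check for surviving `on*` attributes. The regexes, function names and sample inputs are constructed for illustration.

```python
import html
import re

# Hypothetical filter (not markdown2's code): it treats something as a tag
# only when the element name is a clean \w+ run, as the CVE text describes.
WEAK_TAG_RE = re.compile(r"</?\w+(?:\s[^>]*)?/?>")

# Output check: any surviving "<... on<event>=" means a live event handler.
LIVE_HANDLER_RE = re.compile(r"<[^<>]*\son\w+\s*=", re.IGNORECASE)


def weak_escape(text):
    """Escape only the tags WEAK_TAG_RE recognises (the flawed approach)."""
    return WEAK_TAG_RE.sub(lambda m: html.escape(m.group(0)), text)


def strict_escape(text):
    """Escape every markup character, so the element name never matters."""
    return html.escape(text, quote=True)


def live_handlers(rendered):
    """Return fragments of rendered output that still carry an on* attribute."""
    return LIVE_HANDLER_RE.findall(rendered)


# Constructed inputs using the element-name shapes named in the CVE text.
SAMPLES = [
    '<div onclick="f()">ok</div>',
    '<elementname@ onclick="f()">x',
    '<elementname- onclick="f()">x',
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s))
        print("  weak  :", live_handlers(weak_escape(s)) or "clean")
        print("  strict:", live_handlers(strict_escape(s)) or "clean")
```

A check like `live_handlers` can be run over rendered output in a regression test to confirm that an upgraded package no longer lets such input through.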
--- Begin Message ---
Source: python-markdown2
Source-Version: 2.3.9-1
Done: Pierre-Elliott Bécue <[email protected]>

We believe that the bug you reported is fixed in the latest version of
python-markdown2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pierre-Elliott Bécue <[email protected]> (supplier of updated python-markdown2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 02 Jun 2020 19:54:20 +0200
Source: python-markdown2
Architecture: source
Version: 2.3.9-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Modules Team <[email protected]>
Changed-By: Pierre-Elliott Bécue <[email protected]>
Closes: 959445
Changes:
 python-markdown2 (2.3.9-1) unstable; urgency=medium
 .
   [ Ondřej Nový ]
   * Use debhelper-compat instead of debian/compat.
 .
   [ Pierre-Elliott Bécue ]
   * New upstream release 2.3.9
     (Closes: #959445, CVE-2020-11888)
   * Add debian/gbp.conf
   * Bump Standards-Version to 4.5.0.
   * Bump debhelper-compat level to 13
   * Fix debian/watch erroneous links

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---