Your message dated Mon, 07 Jun 2021 09:04:09 +0000
with message-id <e1lqbb3-000fa4...@fasolo.debian.org>
and subject line Bug#984668: fixed in python-markdown2 2.3.10-1.1
has caused the Debian Bug report #984668,
regarding python-markdown2: CVE-2021-26813
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
984668: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984668
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: python-markdown2
Version: 2.3.10-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/trentm/python-markdown2/pull/387
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for python-markdown2.

CVE-2021-26813[0]:
| markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular
| expression denial of service vulnerability. If an attacker provides a
| malicious string, it can make markdown2 processing difficult or
| delayed for an extended period of time.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-26813
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26813

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: python-markdown2
Source-Version: 2.3.10-1.1
Done: Salvatore Bonaccorso <car...@debian.org>

We believe that the bug you reported is fixed in the latest version of
python-markdown2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 984...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated python-markdown2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 05 Jun 2021 10:38:29 +0200
Source: python-markdown2
Architecture: source
Version: 2.3.10-1.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <team+pyt...@tracker.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 984668
Changes:
 python-markdown2 (2.3.10-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Regex DOS fixes (CVE-2021-26813) (Closes: #984668)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
