Your message dated Wed, 23 Apr 2025 10:19:11 +0000
with message-id <e1u7xcb-00cnow...@fasolo.debian.org>
and subject line Bug#1072833: fixed in python-cmarkgfm 2024.11.20-1
has caused the Debian Bug report #1072833,
regarding python-cmarkgfm: Please package the new upstream release 2024+
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1072833: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072833
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: python-cmarkgfm
Version: 0.8.0-3
Severity: important
X-Debbugs-CC: ol...@debian.org
Dear Debian python-cmarkgfm package maintainer,
A new upstream release of your package 2024.1.14 is available. Besides, the
current
packaged version is vulnerable to multiple CVEs. Please consider preparing a new
packaged version soon.
Thanks,
Boyuan Yang
signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---
Source: python-cmarkgfm
Source-Version: 2024.11.20-1
Done: Colin Watson <cjwat...@debian.org>
We believe that the bug you reported is fixed in the latest version of
python-cmarkgfm, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1072...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <cjwat...@debian.org> (supplier of updated python-cmarkgfm package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 23 Apr 2025 10:54:43 +0100
Source: python-cmarkgfm
Architecture: source
Version: 2024.11.20-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <team+pyt...@tracker.debian.org>
Changed-By: Colin Watson <cjwat...@debian.org>
Closes: 1033111 1034172 1034887 1041098 1072833
Changes:
python-cmarkgfm (2024.11.20-1) unstable; urgency=medium
.
* Team upload.
* d/watch: Switch back to PyPI, since its tarballs include submodule
contents.
* New upstream release (closes: #1072833):
- CVE-2022-39209: Remove polynomial time complexity in autolink
extension (closes: #1034887).
- CVE-2023-22483: Quadratic complexity bugs may lead to a denial of
service.
- CVE-2023-22484: Quadratic complexity bug in handle_pointy_brace may
lead to a denial of service.
- CVE-2023-22485: Out-of-bounds read in validate_protocol.
- CVE-2023-22486: Quadratic complexity bug in handle_close_bracket may
lead to a denial of service (closes: #1033111).
- CVE-2023-24824, CVE-2023-26485: Fix quadratic behavior in rendering
(closes: #1034172).
- CVE-2023-37463: Quadratic complexity bugs may lead to a denial of
service (closes: #1041098).
Checksums-Sha1:
c563f27061bc704780155ef3a5c679c873dcc7a8 2354 python-cmarkgfm_2024.11.20-1.dsc
70fc743fdd846c674cce465fa22808dfa9b633f7 146799
python-cmarkgfm_2024.11.20.orig.tar.gz
a0d8930a534cdb13375da1aff98d87ed1d312151 5260
python-cmarkgfm_2024.11.20-1.debian.tar.xz
Checksums-Sha256:
fd871cc640260c2c288f37a4b0e0f467c7417311eef7668f9e4dd4a2a8566d7a 2354
python-cmarkgfm_2024.11.20-1.dsc
5dd01cf61975a8a57213cdef5ed870e936032f13fe93d60ddf659ffb9cf73c6a 146799
python-cmarkgfm_2024.11.20.orig.tar.gz
ee4b9d0725a6fc51cd4f8c01fad94e50a322dc48300f07ed54850be6c41fb2b0 5260
python-cmarkgfm_2024.11.20-1.debian.tar.xz
Files:
c997cd033350e5af9a57fddd00990e74 2354 python optional
python-cmarkgfm_2024.11.20-1.dsc
669ad7aff2f7706f754c627188f343a9 146799 python optional
python-cmarkgfm_2024.11.20.orig.tar.gz
8b9609459fb00fef095abb23c398fd35 5260 python optional
python-cmarkgfm_2024.11.20-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAmgIuR0ACgkQOTWH2X2G
UAtMwhAAtji8U+B+g/hg4yBBlzWS1IvJMb7iSPfpFBpW374oDIVg2cUePHKlgErX
jGY35FSBEZ6MN6Bveeb7W0H3yWFWsGUeGOtjypOTDPDoP0ZW1P9B9phOn4+abzNU
1o0NiPdA+fzIstOMF3AmnBPuMbsG0lFgWK0IJFRAl3Smpd4OVLkYSvUfZkETXF2s
W/cht1bjrCw1VAx1vv/CEuv8f0Z/PvHSBrFLDVnqxZqzCrZ8nYNK7xfD7wTs3Zjx
RfVKQOv8yEE0YULY+6MEHlPJcajrH3CaoASeVqFwemJK810gUdBj+v5kWA/zJkzk
UCAH/B9K5+GyXhabk/EYQULWT4XF4faaj9PIbhTyGk2LP6QGMdccTPvNfkylolu4
Fl/3HSt331/CEdk/4gcmm93Wfittlil7tABsK0MeMwzFaCwfBzL6pnMDlf+J2hZC
2BDZAAmyNbuACYmbdOzGCnH8DJ6cZmhf4jSakXtBimD495Id5MN6yU956xyTFqDr
c4oLI/hUnQFgGOVmDnBM10vWO9WBsDd4rnfEh8mZjFFU1AZgIhI0N9IMboS0dqny
pne/l/aYs1BaL18dNihJbj/GPmS0/IXpVMPNAMn0/JiJugAnq1TxT0QaSBRMnJuq
PC2eNbh5XULvGmHLnmZ9n5HScKc+c/h9+kLIRr9lryyKcTlUc3E=
=pAuk
-----END PGP SIGNATURE-----
pgpicpmVt5akr.pgp
Description: PGP signature
--- End Message ---
