On Sat, Mar 06, 2021 at 09:39:52PM +0100, Salvatore Bonaccorso wrote:
> Source: python-markdown2
> Version: 2.3.10-1
> Severity: important
> Tags: security upstream
> Forwarded: https://github.com/trentm/python-markdown2/pull/387
> X-Debbugs-Cc: car...@debian.org, Debian Security Team
> <t...@security.debian.org>
>
> Hi,
>
> The following vulnerability was published for python-markdown2.
>
> CVE-2021-26813[0]:
> | markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular
> | expression denial of service vulnerability. If an attacker provides a
> | malicious string, it can make markdown2 processing difficult or
> | delayed for an extended period of time.
>
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2021-26813
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26813

This is fixed in
https://github.com/trentm/python-markdown2/commit/7b651260739647de5198323e0445b1618750c374 ,
can we get that fixed/unblocked for Bullseye?

Cheers,
        Moritz