Hi,
this CVE is unfixed for more than 1 year, however it's easy to fix with
a simple upgrade to last version + following patch:
diff --git a/debian/changelog b/debian/changelog
index b95a02e..fdb37b9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+cmark-gfm (0.29.0.gfm.13-1) UNRELEASED; urgency=medium
+
+ * Non maintainer upload
+ * Drop 2 patches, now included in upstream source
+ * Update install
+
+ -- Yadd <y...@debian.org> Sat, 04 Jan 2025 12:38:37 +0100
+
cmark-gfm (0.29.0.gfm.6-1) unstable; urgency=medium
* New upstream version.
diff --git a/debian/libcmark-gfm-extensions-dev.install
b/debian/libcmark-gfm-extensions-dev.install
index 116255d..da1ee72 100644
--- a/debian/libcmark-gfm-extensions-dev.install
+++ b/debian/libcmark-gfm-extensions-dev.install
@@ -2,4 +2,3 @@ usr/lib/*/libcmark-gfm-extensions.so
usr/lib/*/libcmark-gfm-extensions.a
usr/include/cmark-gfm-core-extensions.h
usr/include/cmark-gfm-extension_api.h
-usr/include/cmark-gfm-extensions_export.h
diff --git a/debian/patches/series b/debian/patches/series
index afae227..4b5fc15 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,3 @@
-0001-Use-stdbool.h-instead-of-config.h-in-published-heade.patch
-0002-man-Switch-safe-option-for-unsafe-in-man-page.patch
+#0001-Use-stdbool.h-instead-of-config.h-in-published-heade.patch
+#0002-man-Switch-safe-option-for-unsafe-in-man-page.patch
0003-Install-all-headers-in-include-cmark-gfm.patch
