Your message dated Sun, 05 Jan 2025 11:00:11 +0000
with message-id <e1tuomd-00aek3...@fasolo.debian.org>
and subject line Bug#1041097: fixed in cmark-gfm 0.29.0.gfm.13-1
has caused the Debian Bug report #1041097,
regarding cmark-gfm: CVE-2023-37463
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1041097: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041097
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: cmark-gfm
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for cmark-gfm.

CVE-2023-37463[0]:
| cmark-gfm is an extended version of the C reference implementation
| of CommonMark, a rationalized version of Markdown syntax with a
| spec. Three polynomial time complexity issues in cmark-gfm may lead
| to unbounded resource exhaustion and subsequent denial of service.
| These vulnerabilities have been patched in 0.29.0.gfm.12.

https://github.com/github/cmark-gfm/security/advisories/GHSA-w4qg-3vf7-m9x5

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-37463
    https://www.cve.org/CVERecord?id=CVE-2023-37463

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: cmark-gfm
Source-Version: 0.29.0.gfm.13-1
Done: Keith Packard <kei...@keithp.com>

We believe that the bug you reported is fixed in the latest version of
cmark-gfm, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1041...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Keith Packard <kei...@keithp.com> (supplier of updated cmark-gfm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 04 Jan 2025 12:21:02 -0800
Source: cmark-gfm
Binary: cmark-gfm cmark-gfm-dbgsym libcmark-gfm-dev libcmark-gfm-extensions-dev libcmark-gfm-extensions0.29.0.gfm.13 libcmark-gfm-extensions0.29.0.gfm.13-dbgsym libcmark-gfm0.29.0.gfm.13 libcmark-gfm0.29.0.gfm.13-dbgsym
Architecture: source amd64
Version: 0.29.0.gfm.13-1
Distribution: unstable
Urgency: medium
Maintainer: Keith Packard <kei...@keithp.com>
Changed-By: Keith Packard <kei...@keithp.com>
Description:
 cmark-gfm  - CommonMark parsing and rendering program, GitHub flavor
 libcmark-gfm-dev - CommonMark GitHub flavor gfm library dev files
 libcmark-gfm-extensions-dev - CommonMark GitHub flavor gfm extensions library dev files
 libcmark-gfm-extensions0.29.0.gfm.13 - CommonMark GitHub flavor gfm extension library
 libcmark-gfm0.29.0.gfm.13 - CommonMark GitHub flavor gfm library
Closes: 1033110 1034171 1041097
Changes:
 cmark-gfm (0.29.0.gfm.13-1) unstable; urgency=medium
 .
   * New upstream version.
 .
   * Resolves: CVE-2023-37463. (Closes: #1041097)
 .
   * Resolves: CVE-2023-26485 CVE-2023-24824. (Closes: #1034171)
 .
   * Resolves: CVE-2023-22483 CVE-2023-22484 CVE-2023-22485
     CVE-2023-22486. (Closes: #1033110)



--- End Message ---
