[Git][security-tracker-team/security-tracker][master] CVE-2022-24724/cmark ghostwriter python-cmarkgfm ruby-commonmarker & r-cran-commonmark

Neil Williams (@codehelp) codehelp at debian.org
Fri Mar 4 11:53:46 GMT 2022 


Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
18f96711 by Neil Williams at 2022-03-04T11:53:06+00:00
CVE-2022-24724/cmark ghostwriter python-cmarkgfm ruby-commonmarker & r-cran-commonmark

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4359,7 +4359,14 @@ CVE-2022-24726
 CVE-2022-24725 (Shescape is a shell escape package for JavaScript. An issue in version ...)
 	NOT-FOR-US: Node shescape
 CVE-2022-24724 (cmark-gfm is GitHub's extended version of the C reference implementati ...)
-	TODO: check
+	- cmark-gfm <unfixed> (bug #1006756)
+	- ghostwriter <unfixed> (bug #1006757)
+	- python-cmarkgfm <unfixed> (bug #1006758)
+	- ruby-commonmarker <unfixed> (bug #1006759)
+	- r-cran-commonmark <unfixed> (bug #1006760)
+	NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x
+	NOTE: https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.3
+	NOTE: https://github.com/github/cmark-gfm/commit/ac80f7b56522ffa158e1f0c14a611ffccacd4027 (0.29.0.gfm.3)
 CVE-2022-24723 (URI.js is a Javascript URL mutation library. Before version 1.19.9, wh ...)
 	- node-urijs <itp> (bug #902083)
 	NOTE: https://github.com/medialize/uri.js/commit/86d10523a6f6e8dc4300d99d671335ee362ad316 (v1.19.9)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18f967111b0c7ea59f99668ceb2fdc86981f22ca

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18f967111b0c7ea59f99668ceb2fdc86981f22ca
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220304/4b94f894/attachment.htm>

More information about the debian-security-tracker-commits mailing list