[Git][security-tracker-team/security-tracker][master] Add CVE-2022-39209/cmark-gfm

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Sep 16 05:44:03 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5a7ff1a9 by Salvatore Bonaccorso at 2022-09-16T06:43:28+02:00
Add CVE-2022-39209/cmark-gfm

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3432,7 +3432,13 @@ CVE-2022-39211
 CVE-2022-39210
 	RESERVED
 CVE-2022-39209 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
-	TODO: check
+	- cmark-gfm <unfixed>
+	- python-cmarkgfm <unfixed>
+	- ghostwriter <unfixed>
+	- ruby-commonmarker <unfixed>
+	- r-cran-commonmark <unfixed>
+	NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-cgh3-p57x-9q7q
+	NOTE: https://github.com/github/cmark-gfm/commit/cfcaa0068bf319974fdec283416fcee5035c2d70 (0.29.0.gfm.6)
 CVE-2022-39208 (Onedev is an open source, self-hosted Git Server with CI/CD and Kanban ...)
 	NOT-FOR-US: Onedev
 CVE-2022-39207 (Onedev is an open source, self-hosted Git Server with CI/CD and Kanban ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a7ff1a9dba3df0059b5ab10a97a0a82ed834f81

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a7ff1a9dba3df0059b5ab10a97a0a82ed834f81
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220916/db950bfc/attachment.htm>


More information about the debian-security-tracker-commits mailing list