[Git][security-tracker-team/security-tracker][master] new cmark-gfm issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Apr 10 16:51:04 BST 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
480f3f17 by Moritz Muehlenhoff at 2023-04-10T17:50:51+02:00
new cmark-gfm issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11039,7 +11039,12 @@ CVE-2023-26487 (Vega is a visualization grammar, a declarative format for creati
 CVE-2023-26486 (Vega is a visualization grammar, a declarative format for creating, sa ...)
 	NOT-FOR-US: Vega
 CVE-2023-26485 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
-	TODO: check
+	- cmark-gfm <unfixed>
+	- python-cmarkgfm <unfixed>
+	- r-cran-commonmark <unfixed>
+	- ruby-commonmarker <unfixed>
+	NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-r8vr-c48j-fcc5
+	NOTE: https://github.com/github/cmark-gfm/commit/07a66c9bc341f902878e37d7da8647d6ef150987
 CVE-2023-26484 (KubeVirt is a virtual machine management add-on for Kubernetes. In ver ...)
 	NOT-FOR-US: KubeVirt
 CVE-2023-26483 (gosaml2 is a Pure Go implementation of SAML 2.0. SAML Service Provider ...)
@@ -15888,7 +15893,12 @@ CVE-2023-24826
 CVE-2023-24825
 	RESERVED
 CVE-2023-24824 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
-	TODO: check
+	- cmark-gfm <unfixed>
+	- python-cmarkgfm <unfixed>
+	- r-cran-commonmark <unfixed>
+	- ruby-commonmarker <unfixed>
+	NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-66g8-4hjf-77xh
+	NOTE: https://github.com/github/cmark-gfm/commit/2300c1bd2c8226108885bf019655c4159cf26b59
 CVE-2023-24823
 	RESERVED
 CVE-2023-24822



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/480f3f17c5cb7761dd3d8420e4fdce5153668330

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/480f3f17c5cb7761dd3d8420e4fdce5153668330
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230410/a18502c7/attachment.htm>

More information about the debian-security-tracker-commits mailing list