[Git][security-tracker-team/security-tracker][master] Add CVE-2023-2248{3,4,5,6}/cmark-gfm

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 31 08:05:57 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
13a6dea4 by Salvatore Bonaccorso at 2023-01-31T09:05:26+01:00
Add CVE-2023-2248{3,4,5,6}/cmark-gfm

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6986,13 +6986,22 @@ CVE-2023-22488 (Flarum is a forum software for building communities. Using the n
 CVE-2023-22487 (Flarum is a forum software for building communities. Using the mention ...)
 	NOT-FOR-US: Flarum
 CVE-2023-22486 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
-	TODO: check
+        - cmark-gfm <unfixed>
+	NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-r572-jvj2-3m8p
+	NOTE: https://github.com/github/cmark-gfm/commit/ece074cc3378f7a8dec0395f00123e9fa6981f7b (0.29.0.gfm.7)
+	TODO: check other codebase, python-cmarkgfm, ghostwriter, ruby-commonmarker and r-cran-commonmark
 CVE-2023-22485 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
-	TODO: check
+        - cmark-gfm <unfixed>
+	NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-c944-cv5f-hpvr
+	TODO: check other codebase, python-cmarkgfm, ghostwriter, ruby-commonmarker and r-cran-commonmark
 CVE-2023-22484 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
-	TODO: check
+        - cmark-gfm <unfixed>
+	NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-24f7-9frr-5h2r
+	TODO: check other codebase, python-cmarkgfm, ghostwriter, ruby-commonmarker and r-cran-commonmark
 CVE-2023-22483 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
-	TODO: check
+        - cmark-gfm <unfixed>
+	NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-29g3-96g3-jg6c
+	TODO: check other codebase, python-cmarkgfm, ghostwriter, ruby-commonmarker and r-cran-commonmark
 CVE-2023-22482 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
 	NOT-FOR-US: Argo CD
 CVE-2023-22481



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13a6dea4fe7872df3e34956b7a73343e444de76a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13a6dea4fe7872df3e34956b7a73343e444de76a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230131/ed4937ed/attachment.htm>

More information about the debian-security-tracker-commits mailing list