[Git][security-tracker-team/security-tracker][master] Add CVE-2018-25110/node-marked

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
47809b8e by Salvatore Bonaccorso at 2025-05-24T10:48:49+02:00
Add CVE-2018-25110/node-marked

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -413,7 +413,11 @@ CVE-2023-53154 (parse_string in cJSON before 1.7.18 has a heap-based buffer over
 CVE-2023-34873 (On MOBOTIX P3 cameras before MX-V4.7.2.18 and Mx6 cameras before MX-V5 ...)
 	NOT-FOR-US: MOBOTIX P3 cameras
 CVE-2018-25110 (Marked prior to version 0.3.17 is vulnerable to a Regular Expression D ...)
-	TODO: check
+	- node-marked 0.5.1+dfsg-1
+	NOTE: https://github.com/markedjs/marked/issues/1070
+	NOTE: https://github.com/markedjs/marked/pull/1083
+	NOTE: Fixed by: https://github.com/markedjs/marked/commit/b15e42b67cec9ded8505e9d68bb8741ad7a9590d (v0.3.18)
+	NOTE: Fixed by: https://github.com/markedjs/marked/commit/2846212bb025d483690b95a007994d0d027ed056 (v0.3.18)
 CVE-2025-40909 [Thread creation while a directory handle is open does a fchdir, affecting other threads (race condition)]
 	- perl <unfixed> (bug #1098226)
 	[bookworm] - perl <postponed> (Minor issue; decide for DSA or no-DSA once upstream lands a fix)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47809b8e6cc1b71936a3bf53857c9a65985c46da

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47809b8e6cc1b71936a3bf53857c9a65985c46da
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250524/63c5b233/attachment.htm>