[Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2026-48988

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Jun 28 19:38:13 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4027028c by Salvatore Bonaccorso at 2026-06-28T20:37:39+02:00
Track fixed version via unstable for CVE-2026-48988

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6858,7 +6858,7 @@ CVE-2026-48990 (joserfc is a Python library that provides an implementation of s
 CVE-2026-48989 (Windows-MCP is an open-source project that integrates AI agents with W ...)
 	NOT-FOR-US: Windows-MCP
 CVE-2026-48988 (markdown-it is a Markdown parser. Versions 14.1.1 and below contain a  ...)
-	- node-markdown-it <unfixed> (bug #1140349)
+	- node-markdown-it 22.2.3+dfsg+~12.2.3-5 (bug #1140349)
 	[trixie] - node-markdown-it <no-dsa> (Minor issue)
 	NOTE: https://github.com/markdown-it/markdown-it/security/advisories/GHSA-6v5v-wf23-fmfq
 	NOTE: https://github.com/markdown-it/markdown-it/commit/9ce2087562c45d1e5ddd9f76b990f4b3fbe040e5 (14.2.0)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4027028cefe4b40520574cdf93eb880799e8750b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4027028cefe4b40520574cdf93eb880799e8750b
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260628/b4dd2a71/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list