[Git][security-tracker-team/security-tracker][master] Add CVE-2026-30838/php-league-commonmark

Tue Mar 10 07:23:05 GMT 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a4599c1f by Salvatore Bonaccorso at 2026-03-10T08:20:18+01:00
Add CVE-2026-30838/php-league-commonmark

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -469,7 +469,10 @@ CVE-2026-30850 (Parse Server is an open source backend that can be deployed to a
 CVE-2026-30848 (Parse Server is an open source backend that can be deployed to any inf ...)
 	NOT-FOR-US: Parse Server
 CVE-2026-30838 (league/commonmark is a PHP Markdown parser. Prior to version 2.8.1, th ...)
-	TODO: check
+	- php-league-commonmark 2.8.1-1
+	NOTE: https://github.com/thephpleague/commonmark/security/advisories/GHSA-4v6x-c7xx-hw9f
+	NOTE: Regression test: https://github.com/thephpleague/commonmark/commit/f6e74434dd1a91f195f80cb0184b746a4187272a (2.8.1)
+	NOTE: Fixed by: https://github.com/thephpleague/commonmark/commit/5c0c4c8fe5a31e8260be99e0afad7136a27c79e6 (2.8.1)
 CVE-2026-30834 (PinchTab is a standalone HTTP server that gives AI agents direct contr ...)
 	NOT-FOR-US: PinchTab
 CVE-2026-30832 (Soft Serve is a self-hostable Git server for the command line. From ve ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4599c1f09a55b5c8afc0884735b52301f6c2b65

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4599c1f09a55b5c8afc0884735b52301f6c2b65
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260310/dec95c00/attachment.htm>
