[Git][security-tracker-team/security-tracker][master] 2 commits: Update tag for introducing commit for CVE-2025-68142

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun May 31 14:19:24 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
abdef4d1 by Matheus Polkorny at 2026-05-31T09:59:26-03:00
Update tag for introducing commit for CVE-2025-68142

- - - - -
323bb1a0 by Salvatore Bonaccorso at 2026-05-31T15:19:20+02:00
Merge branch 'master' into 'master'

Update tag for introducing commit for CVE-2025-68142

See merge request security-tracker-team/security-tracker!305
- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -85346,9 +85346,10 @@ CVE-2025-68146 (filelock is a platform-independent file lock for Python. In vers
 CVE-2025-68142 (PyMdown Extensions is a set of extensions for the `Python-Markdown` ma ...)
 	- pymdown-extensions 10.13-4 (bug #1123672)
 	[trixie] - pymdown-extensions <no-dsa> (Minor issue)
-	[bookworm] - pymdown-extensions <no-dsa> (Minor issue)
+	[bookworm] - pymdown-extensions <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/facelessuser/pymdown-extensions/security/advisories/GHSA-r6h4-mm7h-8pmq
 	NOTE: Fixed by: https://github.com/facelessuser/pymdown-extensions/commit/b50d15a56850ed1408a284bba81cc019c6bd72e8 (10.16.1)
+	NOTE: Introduced by: https://github.com/facelessuser/pymdown-extensions/commit/2c7f8c02c6195d991d4d181665f7cd57cb95a649 (10.12)
 CVE-2025-68130 (tRPC allows users to build and consume fully typesafe APIs without sch ...)
 	NOT-FOR-US: Next.js
 CVE-2025-68116 (FileRise is a self-hosted web file manager / WebDAV server. Versions p ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0735fe095e7d8344660e9863640eb0e6edbddcb7...323bb1a06d4a62117b6164f8429f6dae06865fcc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0735fe095e7d8344660e9863640eb0e6edbddcb7...323bb1a06d4a62117b6164f8429f6dae06865fcc
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260531/d8db2a97/attachment.htm>

More information about the debian-security-tracker-commits mailing list