Описание
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 contain a polynomial time complexity issue in handle_close_bracket that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| cmark-gfm | fixed | 0.29.0.gfm.13-1 | package | |
| cmark-gfm | ignored | bookworm | package | |
| cmark-gfm | no-dsa | bullseye | package | |
| cmark-gfm | no-dsa | buster | package | |
| python-cmarkgfm | fixed | 2024.11.20-1 | package | |
| python-cmarkgfm | no-dsa | bookworm | package | |
| python-cmarkgfm | no-dsa | bullseye | package | |
| python-cmarkgfm | no-dsa | buster | package | |
| r-cran-commonmark | fixed | 1.9.0-1 | package | |
| r-cran-commonmark | ignored | bookworm | package | |
| r-cran-commonmark | no-dsa | bullseye | package | |
| r-cran-commonmark | no-dsa | buster | package | |
| ruby-commonmarker | fixed | 0.23.10-1 | package | |
| ruby-commonmarker | ignored | bookworm | package | |
| ruby-commonmarker | no-dsa | bullseye | package | |
| ruby-commonmarker | no-dsa | buster | package |
Примечания
https://github.com/github/cmark-gfm/security/advisories/GHSA-r572-jvj2-3m8p
https://github.com/github/cmark-gfm/commit/ece074cc3378f7a8dec0395f00123e9fa6981f7b (0.29.0.gfm.7)
https://github.com/theacodes/cmarkgfm/commit/acf473a51a9dc3a4fd6d6a4b30e4d80c94d91d4a (2024.1.14)
r-cran-commonmark: https://github.com/r-lib/commonmark/commit/e7a1703cf293eaa898e6f0cf07d278cfb05590eb (v1.9.0)
Связанные уязвимости
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 contain a polynomial time complexity issue in handle_close_bracket that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7.
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 contain a polynomial time complexity issue in handle_close_bracket that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7.
