openSUSE-SU-2021:0429-1

Опубликовано: 16 мар. 2021

Источник: suse-cvrf

Описание

Security update for python-markdown2

This update for python-markdown2 fixes the following issues:

Update to 2.4.0 (boo#1181270):

[pull #377] Fixed bug breaking strings elements in metadata lists
[pull #380] When rendering fenced code blocks, also add the language-LANG class
[pull #387] Regex DoS fixes (CVE-2021-26813, boo#1183171)
Switch off failing tests (gh#trentm/python-markdown2#388), ignore failing test suite.

update to 2.3.9:

[pull #335] Added header support for wiki tables
[pull #336] Reset _toc when convert is run
[pull #353] XSS fix
[pull #350] XSS fix
Add patch to fix unsanitized input for cross-site scripting (boo#1171379)

Список пакетов

openSUSE Leap 15.2

python2-markdown2-2.4.0-lp152.2.3.1

python3-markdown2-2.4.0-lp152.2.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3VPKRS46KKKFGLEDJJ7ZX2EZVNE5567H/
E-Mail link for openSUSE-SU-2021:0429-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1171379
SUSE Bug 1171379
https://bugzilla.suse.com/1181270
SUSE Bug 1181270
https://bugzilla.suse.com/1183171
SUSE Bug 1183171
https://www.suse.com/security/cve/CVE-2021-26813/
SUSE CVE CVE-2021-26813 page

Описание

markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time.

Затронутые продукты

openSUSE Leap 15.2:python2-markdown2-2.4.0-lp152.2.3.1

openSUSE Leap 15.2:python3-markdown2-2.4.0-lp152.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-26813.html
CVE-2021-26813
https://bugzilla.suse.com/1183171
SUSE Bug 1183171

openSUSE-SU-2021:0429-1

Описание

Список пакетов

openSUSE Leap 15.2

Ссылки

Уязвимость: CVE-2021-26813

Описание

Затронутые продукты

Ссылки