149 matches found

Fedora
added 2023/04/29 4:42 a.m. | 19 views

[SECURITY] Fedora 37 Update: rust-comrak-0.18.0-1.fc37

A 100% CommonMark-compatible GitHub Flavored Markdown parser and formatter...

9.8 CVSS | 8.8 AI score | 0.01268 EPSS
Exploits 0

Fedora
added 2023/04/29 2:53 a.m. | 14 views

[SECURITY] Fedora 38 Update: rust-comrak-0.18.0-1.fc38

A 100% CommonMark-compatible GitHub Flavored Markdown parser and formatter...

9.8 CVSS | 8.8 AI score | 0.01268 EPSS
Exploits 0

Tenable Nessus
added 2023/04/29 12:0 a.m. | 17 views

Fedora 37 : rust-askama / rust-askama_shared / rust-comrak (2023-e9243281cb)

The remote Fedora 37 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-e9243281cb advisory. - Update comrak to version 0.18.0. - Disable the unused markdown support in askama and askama_shared crates, which depends on an ancient version of...

9.8 CVSS | 7.8 AI score | 0.01268 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2023/04/29 12:0 a.m. | 13 views

Fedora 36 : rust-askama / rust-askama_shared / rust-comrak (2023-b37722768e)

The remote Fedora 36 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-b37722768e advisory. - Update comrak to version 0.18.0. - Disable the unused markdown support in askama and askama_shared crates, which depends on an ancient version of...

9.8 CVSS | 7.8 AI score | 0.01268 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2023/04/29 12:0 a.m. | 17 views

Fedora 38 : rust-askama / rust-askama_shared / rust-comrak (2023-035d5910b9)

The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-035d5910b9 advisory. - Update comrak to version 0.18.0. - Disable the unused markdown support in askama and askama_shared crates, which depends on an ancient version of...

9.8 CVSS | 7.8 AI score | 0.01268 EPSS
Exploits 0 | References 3

OSV
added 2023/03/31 10:1 p.m. | 14 views

CVE-2023-24824 Quadratic complexity may lead to a denial of service in cmark-gfm

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads...

5.3 CVSS | 7.3 AI score | 0.01027 EPSS
Exploits 1 | References 4

CVE
added 2023/03/31 10:1 p.m. | 59 views

CVE-2023-24824

CVE-2023-24824 affects cmark-gfm (GitHub’s fork of cmark) in C, where quadratic/polynomial parsing complexity can exhaust resources and cause DoS when processing inputs that begin with many ‘>’ or ‘-’. The issue is mitigated by upgrading to upstream 0.29.0.gfm.10; downstream ecosystems (e.g., ...

7.5 CVSS | 6.2 AI score | 0.01027 EPSS
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2023/03/31 10:1 p.m. | 15 views

CVE-2023-24824 Quadratic complexity may lead to a denial of service in cmark-gfm

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads...

5.3 CVSS | 7.6 AI score | 0.01027 EPSS
Exploits 1 | References 2

Debian CVE
added 2023/03/31 10:1 p.m. | 26 views

CVE-2023-24824

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads...

7.5 CVSS | 7.4 AI score | 0.01027 EPSS
Exploits 1

CNNVD
added 2023/03/31 12:0 a.m. | 3 views

cmark-gfm resource management error vulnerability

cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized version with a canonical Markdown syntax. A resource management error vulnerability exists in cmark-gfm. An attacker could exploit this vulnerability to cause unlimited resource exhaustion and...

7.5 CVSS | 7.2 AI score | 0.01027 EPSS
Exploits 1 | References 4

OpenVAS
added 2023/03/31 12:0 a.m. | 12 views

Fedora: Security Advisory for python-markdown-it-py (FEDORA-2023-c3fb6d6b8d)

The remote host is missing an update for the...

5.5 CVSS | 5.5 AI score | 0.00225 EPSS
Exploits 0 | References 2

Fedora
added 2023/03/30 1:21 a.m. | 33 views

[SECURITY] Fedora 37 Update: python-markdown-it-py-2.2.0-1.fc37

Markdown parser done right. Its features: Follows the CommonMark spec for baseline parsing. Has configurable syntax: you can add new rules and even replace existing ones. Pluggable: Adds syntax extensions to extend the parser. High speed & safe by default...

5.5 CVSS | 4.7 AI score | 0.00225 EPSS
Exploits 0

Fedora
added 2023/03/30 12:22 a.m. | 20 views

[SECURITY] Fedora 38 Update: python-markdown-it-py-2.2.0-1.fc38

Markdown parser done right. Its features: Follows the CommonMark spec for baseline parsing. Has configurable syntax: you can add new rules and even replace existing ones. Pluggable: Adds syntax extensions to extend the parser. High speed & safe by default...

5.5 CVSS | 4.7 AI score | 0.00225 EPSS
Exploits 0

OpenVAS
added 2023/03/30 12:0 a.m. | 12 views

Fedora: Security Advisory for python-markdown-it-py (FEDORA-2023-8ff3ba5fb5)

The remote host is missing an update for the...

5.5 CVSS | 5.5 AI score | 0.00225 EPSS
Exploits 0 | References 2

NVD
added 2023/03/28 9:15 p.m. | 7 views

CVE-2023-28626

comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A range of quadratic parsing issues are present in Comrak. These can be used to craft denial-of-service attacks on services that use Comrak to parse Markdown. This issue has been addressed in version 0.17.0. Use...

7.5 CVSS | 6.2 AI score | 0.0112 EPSS
Exploits 0 | References 5

Vulnrichment
added 2023/03/28 8:17 p.m. | 4 views

CVE-2023-28631 Attacker controlled data in AST nodes is not validated in comrak

comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A Comrak AST can be constructed manually by a program instead of parsing a Markdown document with parse_document. This AST can then be converted to HTML via html::format_document_with_plugins. However, the HTML...

5.3 CVSS | 9.3 AI score | 0.01268 EPSS
Exploits 0 | References 5

Cvelist
added 2023/03/28 8:17 p.m. | 32 views

CVE-2023-28631 Attacker controlled data in AST nodes is not validated in comrak

comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A Comrak AST can be constructed manually by a program instead of parsing a Markdown document with parse_document. This AST can then be converted to HTML via html::format_document_with_plugins. However, the HTML...

5.3 CVSS | 9.5 AI score | 0.01268 EPSS
Exploits 0 | References 5

OSV
added 2023/03/28 8:17 p.m. | 11 views

CVE-2023-28631 Attacker controlled data in AST nodes is not validated in comrak

comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A Comrak AST can be constructed manually by a program instead of parsing a Markdown document with parse_document. This AST can then be converted to HTML via html::format_document_with_plugins. However, the HTML...

5.3 CVSS | 8.7 AI score | 0.01268 EPSS
Exploits 0 | References 7

SUSE CVE
added 2023/02/15 3:21 a.m. | 1 views

SUSE CVE-2023-22486

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 contain a polynomial time complexity issue in handle_close_bracket that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has...

6.2 CVSS | 6.7 AI score | 0.01108 EPSS
Exploits 1 | References 4

CVE
added 2023/01/24 2:30 a.m. | 109 views

CVE-2023-22486

The CVE-2023-22486 issue affects cmark-gfm (GitHub’s fork of cmark). Versions prior to 0.29.0.gfm.7 contain a polynomial-time complexity bug in handle_close_bracket that can lead to unbounded resource exhaustion and denial of service. The vulnerability is explicitly noted as patched in 0.29.0.gfm...

7.5 CVSS | 5.3 AI score | 0.01108 EPSS
Exploits 1 | References 1 | Affected Software 1