UbuntuUpdates.org

Package "ruby-kramdown"

Name: ruby-kramdown

Description:

Fast, pure-Ruby Markdown-superset converter - ruby library

Latest version: 1.17.0-4ubuntu0.2
Release: focal (20.04)
Level: security
Repository: universe
Homepage: https://kramdown.gettalong.org

Links


Download "ruby-kramdown"


Other versions of "ruby-kramdown" in Focal

Repository Area Version
base universe 1.17.0-4
updates universe 1.17.0-4ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.17.0-4ubuntu0.2 2023-10-10 16:07:28 UTC

  ruby-kramdown (1.17.0-4ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: arbitrary class generation issue when specifying custom
    Rouge formatters.
    - debian/patches/CVE-2021-28834.patch: enforce custom Rouge formatters to
      be in the Rouge::Formatters namespace.
    - CVE-2021-28834

 -- Evan Caville <email address hidden> Wed, 04 Oct 2023 12:18:54 +1000

Source diff to previous version
CVE-2021-28834 Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.

Version: 1.17.0-4ubuntu0.1 2020-09-30 22:06:17 UTC

  ruby-kramdown (1.17.0-4ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Unintended read access
    - debian/patches/CVE-2020-14001.patch: Add option
      forbidden_inline_options. By default, the template option is now
      forbidden.
    - CVE-2020-14001

 -- Mike Salvatore <email address hidden> Wed, 30 Sep 2020 15:11:49 -0400

CVE-2020-14001 The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such



About   -   Send Feedback to @ubuntu_updates