UbuntuUpdates.org

Package "libcmark-gfm-dev"

Name: libcmark-gfm-dev

Description: CommonMark GitHub flavor gfm library dev files

Latest version: 0.29.0.gfm.6-6ubuntu0.24.10.1
Release: oracular (24.10)
Level: security
Repository: universe
Head package: cmark-gfm
Homepage: https://github.com/github/cmark


Other versions of "libcmark-gfm-dev" in Oracular

Repository   Area       Version
base         universe   0.29.0.gfm.6-6build1
updates      universe   0.29.0.gfm.6-6ubuntu0.24.10.1

Changelog

Version: 0.29.0.gfm.6-6ubuntu0.24.10.1 2025-03-04 01:07:02 UTC

  cmark-gfm (0.29.0.gfm.6-6ubuntu0.24.10.1) oracular-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2023-22483-01.patch: Fix GHSL-2022-091: use
      growable array rather than appending to a singly-linked-list
      for better efficiency
    - debian/patches/CVE-2023-22483-02.patch: Fix quadratic behavior
      when parsing emphasis
    - debian/patches/CVE-2023-22483-03.patch: Add a flag to avoid
      quadratic loop in try_opening_table_header
    - debian/patches/CVE-2023-22483-04.patch: Refactor cell append code
      into a separate function
    - debian/patches/CVE-2023-22483-05.patch: Fix GHSL-2022-099: avoid
      quadratic behavior triggered by urls with underscores
    - debian/patches/CVE-2023-22483-06.patch: Avoid quadratic output
      growth with reference links
    - debian/patches/CVE-2023-22483-07.patch: Pre-compute number of
      opening/closing parens to avoid quadratic behavior
    - debian/patches/CVE-2023-22483-08.patch: Stop searching at the
      previous offset to prevent quadratic behavior
    - debian/patches/CVE-2023-22483-09.patch: Stop scanning at '<'
      character to avoid quadratic loop
    - debian/patches/CVE-2023-22483-10.patch: Fix quadratic behavior
      with smart quotes
    - debian/patches/CVE-2023-22483-11.patch: Always remove delimiters
      to avoid quadratic behavior
    - debian/patches/CVE-2023-22483-12.patch: Fix memory leak in
      row_from_string
    - debian/patches/CVE-2023-22483-13.patch: Make sure that the chunk
      metadata is always initialized correctly
    - debian/patches/CVE-2023-22483-14.patch: Add registration mechanism
      for custom node flags
    - debian/patches/CVE-2023-22483-15.patch: Update src/node.c
    - debian/patches/CVE-2023-22483-16.patch: Fix parsing of emphasis
      before links
    - debian/patches/CVE-2023-22483-17.patch: Fix quadratic behavior
      when parsing inlines
    - debian/patches/CVE-2023-22484-1.patch: Fix quadratic behavior with
      inline HTML
    - debian/patches/CVE-2023-22484-2.patch: Update HTML comment scanner
    - debian/patches/CVE-2023-22484-3.patch: Fixed HTML comment scanning
    - debian/patches/CVE-2023-22484-4.patch: Fix quadratic parsing issue
      with repeated `<!--`
    - debian/patches/CVE-2023-22484-5.patch: Add pathological test for
      repeated '<!--'
    - debian/patches/CVE-2023-22484-6.patch: Fix indentation
    - debian/patches/CVE-2023-22486-1.patch: Fix quadratic complexity bug
    - debian/patches/CVE-2023-22486-2.patch: Add new pathological test for
      pattern "![[]()"*n
    - debian/patches/CVE-2023-26485-1.patch: Ignore nested STRONGs during
      rendering
    - debian/patches/CVE-2023-26485-2.patch: Update expected output
    - debian/patches/CVE-2023-26485-3.patch: Add MAX_INDENT for xml
    - debian/patches/CVE-2023-26485-4.patch: Fix quadratic performance issue
      in list numbering
    - debian/patches/CVE-2023-26485-5.patch: Add ancestor_extension field
    - debian/patches/CVE-2023-26485-6.patch: Remove dead code
    - CVE-2023-22483
    - CVE-2023-22484
    - CVE-2023-22486
    - CVE-2023-26485

 -- Bruce Cable <email address hidden> Fri, 28 Feb 2025 13:12:15 +1100

CVE-2023-22483 cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to sever
CVE-2023-22484 cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to a pol
CVE-2023-22486 cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 contain a polynomia
CVE-2023-26485 cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may


