golang-github-gomarkdown-markdown - Debian Package Tracker

general

source: golang-github-gomarkdown-markdown (main)
version: 0.0~git20231115.a660076-1
maintainer: Debian Go Packaging Team (DMD)
uploaders: Anthony Fok [DMD]
arch: all
std-ver: 4.6.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 0.0~git20220731.dcdaee8-2
stable: 0.0~git20231115.a660076-1
testing: 0.0~git20231115.a660076-1
unstable: 0.0~git20231115.a660076-1

versioned links

0.0~git20220731.dcdaee8-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.0~git20231115.a660076-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

golang-github-gomarkdown-markdown-dev

action needed

A new upstream version is available: 0.0~git20260417.7d523f7 high

A new upstream version 0.0~git20260417.7d523f7 is available, you should consider packaging it.

Created: 2025-11-26 Last update: 2026-04-25 16:30

2 security issues in trixie high

There are 2 open security issues in trixie.

1 important issue:

CVE-2026-40890: The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Processing a malformed input containing a < character that is not followed by a > character anywhere in the remaining text with a SmartypantsRenderer will lead to Out of Bounds read or a panic. This vulnerability is fixed with commit 759bbc3e32073c3bc4e25969c132fc520eda2778.

1 issue left for the package maintainer to handle:

CVE-2024-44337: (needs triaging) The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `v0.0.0-20240729232818-a2a9c4f`, which corresponds with commit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252`, there was a logical problem in the paragraph function of the parser/block.go file, which allowed a remote attacker to cause a denial of service (DoS) condition by providing a tailor-made input that caused an infinite loop, causing the program to hang and consume resources indefinitely. Submit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252` contains fixes to this problem.

You can find information about how to handle this issue in the security team's documentation.

Created: 2024-10-18 Last update: 2026-04-22 17:00

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2024-44337: The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `v0.0.0-20240729232818-a2a9c4f`, which corresponds with commit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252`, there was a logical problem in the paragraph function of the parser/block.go file, which allowed a remote attacker to cause a denial of service (DoS) condition by providing a tailor-made input that caused an infinite loop, causing the program to hang and consume resources indefinitely. Submit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252` contains fixes to this problem.
CVE-2026-40890: The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Processing a malformed input containing a < character that is not followed by a > character anywhere in the remaining text with a SmartypantsRenderer will lead to Out of Bounds read or a panic. This vulnerability is fixed with commit 759bbc3e32073c3bc4e25969c132fc520eda2778.

Created: 2024-10-18 Last update: 2026-04-22 17:00

2 security issues in forky high

There are 2 open security issues in forky.

2 important issues:

CVE-2024-44337: The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `v0.0.0-20240729232818-a2a9c4f`, which corresponds with commit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252`, there was a logical problem in the paragraph function of the parser/block.go file, which allowed a remote attacker to cause a denial of service (DoS) condition by providing a tailor-made input that caused an infinite loop, causing the program to hang and consume resources indefinitely. Submit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252` contains fixes to this problem.
CVE-2026-40890: The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Processing a malformed input containing a < character that is not followed by a > character anywhere in the remaining text with a SmartypantsRenderer will lead to Out of Bounds read or a panic. This vulnerability is fixed with commit 759bbc3e32073c3bc4e25969c132fc520eda2778.

Created: 2025-08-09 Last update: 2026-04-22 17:00

3 security issues in bookworm high

There are 3 open security issues in bookworm.

1 important issue:

CVE-2026-40890: The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Processing a malformed input containing a < character that is not followed by a > character anywhere in the remaining text with a SmartypantsRenderer will lead to Out of Bounds read or a panic. This vulnerability is fixed with commit 759bbc3e32073c3bc4e25969c132fc520eda2778.

2 issues left for the package maintainer to handle:

CVE-2023-42821: (needs triaging) The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `0.0.0-20230922105210-14b16010c2ee`, which corresponds with commit `14b16010c2ee7ff33a940a541d993bd043a88940`, parsing malformed markdown input with parser that uses parser.Mmark extension could result in out-of-bounds read vulnerability. To exploit the vulnerability, parser needs to have `parser.Mmark` extension set. The panic occurs inside the `citation.go` file on the line 69 when the parser tries to access the element past its length. This can result in a denial of service. Commit `14b16010c2ee7ff33a940a541d993bd043a88940`/pseudoversion `0.0.0-20230922105210-14b16010c2ee` contains a patch for this issue.
CVE-2024-44337: (needs triaging) The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `v0.0.0-20240729232818-a2a9c4f`, which corresponds with commit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252`, there was a logical problem in the paragraph function of the parser/block.go file, which allowed a remote attacker to cause a denial of service (DoS) condition by providing a tailor-made input that caused an infinite loop, causing the program to hang and consume resources indefinitely. Submit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252` contains fixes to this problem.

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-09-24 Last update: 2026-04-22 17:00

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2022-08-16 Last update: 2023-02-02 01:03

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.6.2).

Created: 2024-04-07 Last update: 2026-03-31 15:01

news

[rss feed]

[2023-12-24] golang-github-gomarkdown-markdown 0.0~git20231115.a660076-1 MIGRATED to testing (Debian testing watch)
[2023-12-20] Accepted golang-github-gomarkdown-markdown 0.0~git20231115.a660076-1 (source) into unstable (Anthony Fok)
[2022-08-18] golang-github-gomarkdown-markdown 0.0~git20220731.dcdaee8-2 MIGRATED to testing (Debian testing watch)
[2022-08-16] Accepted golang-github-gomarkdown-markdown 0.0~git20220731.dcdaee8-2 (source) into unstable (Anthony Fok)
[2022-08-16] Accepted golang-github-gomarkdown-markdown 0.0~git20220731.dcdaee8-1 (source all) into unstable, unstable (Debian FTP Masters) (signed by: Anthony Fok)

bugs [bug history graph]

all: 2
RC: 0
I&N: 2
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 1)
buildd: logs, reproducibility
popcon
browse source code
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.0~git20231115.a660076-1