Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted python-cmarkgfm 2024.11.20-1 (source) into unstable
Date: Wed, 23 Apr 2025 10:19:10 +0000
Signed by: Colin Watson <cjwatson@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 23 Apr 2025 10:54:43 +0100
Source: python-cmarkgfm
Architecture: source
Version: 2024.11.20-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Closes: 1033111 1034172 1034887 1041098 1072833
Changes:
 python-cmarkgfm (2024.11.20-1) unstable; urgency=medium
 .
   * Team upload.
   * d/watch: Switch back to PyPI, since its tarballs include submodule
     contents.
   * New upstream release (closes: #1072833):
     - CVE-2022-39209: Remove polynomial time complexity in autolink
       extension (closes: #1034887).
     - CVE-2023-22483: Quadratic complexity bugs may lead to a denial of
       service.
     - CVE-2023-22484: Quadratic complexity bug in handle_pointy_brace may
       lead to a denial of service.
     - CVE-2023-22485: Out-of-bounds read in validate_protocol.
     - CVE-2023-22486: Quadratic complexity bug in handle_close_bracket may
       lead to a denial of service (closes: #1033111).
     - CVE-2023-24824, CVE-2023-26485: Fix quadratic behavior in rendering
       (closes: #1034172).
     - CVE-2023-37463: Quadratic complexity bugs may lead to a denial of
       service (closes: #1041098).
Checksums-Sha1:
 c563f27061bc704780155ef3a5c679c873dcc7a8 2354 python-cmarkgfm_2024.11.20-1.dsc
 70fc743fdd846c674cce465fa22808dfa9b633f7 146799 python-cmarkgfm_2024.11.20.orig.tar.gz
 a0d8930a534cdb13375da1aff98d87ed1d312151 5260 python-cmarkgfm_2024.11.20-1.debian.tar.xz
Checksums-Sha256:
 fd871cc640260c2c288f37a4b0e0f467c7417311eef7668f9e4dd4a2a8566d7a 2354 python-cmarkgfm_2024.11.20-1.dsc
 5dd01cf61975a8a57213cdef5ed870e936032f13fe93d60ddf659ffb9cf73c6a 146799 python-cmarkgfm_2024.11.20.orig.tar.gz
 ee4b9d0725a6fc51cd4f8c01fad94e50a322dc48300f07ed54850be6c41fb2b0 5260 python-cmarkgfm_2024.11.20-1.debian.tar.xz
Files:
 c997cd033350e5af9a57fddd00990e74 2354 python optional python-cmarkgfm_2024.11.20-1.dsc
 669ad7aff2f7706f754c627188f343a9 146799 python optional python-cmarkgfm_2024.11.20.orig.tar.gz
 8b9609459fb00fef095abb23c398fd35 5260 python optional python-cmarkgfm_2024.11.20-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAmgIuR0ACgkQOTWH2X2G
UAtMwhAAtji8U+B+g/hg4yBBlzWS1IvJMb7iSPfpFBpW374oDIVg2cUePHKlgErX
jGY35FSBEZ6MN6Bveeb7W0H3yWFWsGUeGOtjypOTDPDoP0ZW1P9B9phOn4+abzNU
1o0NiPdA+fzIstOMF3AmnBPuMbsG0lFgWK0IJFRAl3Smpd4OVLkYSvUfZkETXF2s
W/cht1bjrCw1VAx1vv/CEuv8f0Z/PvHSBrFLDVnqxZqzCrZ8nYNK7xfD7wTs3Zjx
RfVKQOv8yEE0YULY+6MEHlPJcajrH3CaoASeVqFwemJK810gUdBj+v5kWA/zJkzk
UCAH/B9K5+GyXhabk/EYQULWT4XF4faaj9PIbhTyGk2LP6QGMdccTPvNfkylolu4
Fl/3HSt331/CEdk/4gcmm93Wfittlil7tABsK0MeMwzFaCwfBzL6pnMDlf+J2hZC
2BDZAAmyNbuACYmbdOzGCnH8DJ6cZmhf4jSakXtBimD495Id5MN6yU956xyTFqDr
c4oLI/hUnQFgGOVmDnBM10vWO9WBsDd4rnfEh8mZjFFU1AZgIhI0N9IMboS0dqny
pne/l/aYs1BaL18dNihJbj/GPmS0/IXpVMPNAMn0/JiJugAnq1TxT0QaSBRMnJuq
PC2eNbh5XULvGmHLnmZ9n5HScKc+c/h9+kLIRr9lryyKcTlUc3E=
=pAuk
-----END PGP SIGNATURE-----
News for package python-cmarkgfm
