Debian Package Tracker - python-cmarkgfm

general

source: python-cmarkgfm (main)
version: 0.4.2-1
maintainer: Debian Python Modules Team (archive) (DMD)
uploaders: Nicolas Dandrimont [DMD]
arch: any
std-ver: 4.1.4
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

stable: 0.4.2-1
testing: 0.4.2-1
unstable: 0.4.2-1

versioned links

0.4.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

python3-cmarkgfm

action needed

lintian reports 2 errors and 2 warnings high

Lintian reports 2 errors and 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-07-29 Last update: 2020-10-22 04:34

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2020-5238: The table extension in GitHub Flavored Markdown before version 0.29.0.gfm.1 takes O(n * n) time to parse certain inputs. An attacker could craft a markdown table which would take an unreasonably long time to process, causing a denial of service. This issue does not affect the upstream cmark project. The issue has been fixed in version 0.29.0.gfm.1.

Please fix it.

Created: 2020-07-08 Last update: 2020-08-07 06:08

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2020-5238: The table extension in GitHub Flavored Markdown before version 0.29.0.gfm.1 takes O(n * n) time to parse certain inputs. An attacker could craft a markdown table which would take an unreasonably long time to process, causing a denial of service. This issue does not affect the upstream cmark project. The issue has been fixed in version 0.29.0.gfm.1.

Please fix it.

Created: 2020-07-08 Last update: 2020-08-07 06:08

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2018-09-11 Last update: 2020-10-31 16:09

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 0.4.2-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit b0bc109d3bbc9672ee29111cbff5720c3458840b
Author: Ondřej Nový <onovy@debian.org>
Date:   Thu Sep 24 08:47:07 2020 +0200

    d/control: Update Vcs-* fields with new Debian Python Team Salsa layout

commit e49f24383c51fad7be02d2779c50b8aa18b12927
Author: Ondřej Nový <onovy@debian.org>
Date:   Thu Sep 24 08:47:07 2020 +0200

    d/control: Update Maintainer field with new Debian Python Team contact address

commit b91c77c4a3f2c316892b991d30b8ff420812577a
Merge: bb29ffc 00e031e
Author: Jelmer Vernooĳ <jelmer@debian.org>
Date:   Mon Jan 13 22:02:20 2020 +0000

    Merge branch 'lintian-fixes' into 'debian/master'
    
    Fix some issues reported by lintian
    
    See merge request python-team/modules/python-cmarkgfm!1

commit 00e031eee322f2d0ec5427261ca01ba093083fc1
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Tue Jan 7 16:08:52 2020 +0000

    Update standards version to 4.1.5, no changes needed.
    
    Fixes: lintian: out-of-date-standards-version
    See-also: https://lintian.debian.org/tags/out-of-date-standards-version.html

commit 4b8179e3adf432322fc604b4a7f6c1c1e5d198e7
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Tue Jan 7 16:08:29 2020 +0000

    Set upstream metadata fields: Bug-Database, Bug-Submit, Repository, Repository-Browse.
    
    Fixes: lintian: upstream-metadata-file-is-missing
    See-also: https://lintian.debian.org/tags/upstream-metadata-file-is-missing.html

commit 766547084227668d13d9290ebb8de3a50bc3c3c7
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Tue Jan 7 16:08:04 2020 +0000

    Bump debhelper from old 11 to 12.
    
    Fixes: lintian: package-uses-old-debhelper-compat-version
    See-also: https://lintian.debian.org/tags/package-uses-old-debhelper-compat-version.html

commit bb29ffcf4a1b5d1e685813971744766ae1823fd9
Author: Ondřej Nový <onovy@debian.org>
Date:   Sun Aug 25 11:01:46 2019 +0200

    d/control: Fix wrong Vcs-*

commit 1b0f0c41e0bbcff1955be9085e221db1d0d7d120
Author: Ondřej Nový <onovy@debian.org>
Date:   Fri Jul 19 23:44:29 2019 +0200

    Use debhelper-compat instead of debian/compat

https://salsa.debian.org/api/v4/projects/python-team%2Fmodules%2Fpython-cmarkgfm API request failed: 404 Not Found at /srv/qa.debian.org/data/vcswatch/vcswatch line 379.

Created: 2019-07-20 Last update: 2020-10-25 01:08

1 ignored security issue in buster low

There is 1 open security issue in buster.

1 issue skipped by the security teams:

CVE-2020-5238: The table extension in GitHub Flavored Markdown before version 0.29.0.gfm.1 takes O(n * n) time to parse certain inputs. An attacker could craft a markdown table which would take an unreasonably long time to process, causing a denial of service. This issue does not affect the upstream cmark project. The issue has been fixed in version 0.29.0.gfm.1.

Please fix it.

Created: 2020-07-08 Last update: 2020-08-07 06:08

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.0 instead of 4.1.4).

Created: 2018-08-20 Last update: 2020-01-21 05:06

news

[rss feed]

[2018-05-04] python-cmarkgfm 0.4.2-1 MIGRATED to testing (Debian testing watch)
[2018-05-01] Accepted python-cmarkgfm 0.4.2-1 (source amd64) into unstable, unstable (Nicolas Dandrimont)

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (2, 2)
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.4.2-1build3