Debian Package Tracker

r-cran-commonmark

high performance CommonMark and Github markdown rendering in R

general
  • source: r-cran-commonmark (main)
  • version: 1.8.0-1
  • maintainer: Debian R Packages Maintainers (archive) (DMD) (LowNMU)
  • uploaders: Andreas Tille [DMD]
  • arch: any
  • std-ver: 4.6.0
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • oldstable: 1.7-1
  • stable: 1.7-2
  • testing: 1.8.0-1
  • unstable: 1.8.0-1
versioned links
  • 1.7-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.7-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.8.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • r-cran-commonmark
action needed
version in VCS is newer than in repository, is it time to upload? normal
vcswatch reports that this package seems to have a new changelog entry (version 1.8.0-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:
commit 0a7d7fb3df87a749581dd5d31d2919ef974b808c
Author: Andreas Tille <tille@debian.org>
Date:   Wed Mar 9 20:49:48 2022 +0100

    Disable reprotest
Created: 2022-03-01 Last update: 2022-06-28 23:40
2 low-priority security issues in buster low

There are 2 open security issues in buster.

2 issues left for the package maintainer to handle:
  • CVE-2020-5238: (needs triaging) The table extension in GitHub Flavored Markdown before version 0.29.0.gfm.1 takes O(n * n) time to parse certain inputs. An attacker could craft a markdown table which would take an unreasonably long time to process, causing a denial of service. This issue does not affect the upstream cmark project. The issue has been fixed in version 0.29.0.gfm.1.
  • CVE-2022-24724: (needs triaging) cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables whose marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where `cmark-gfm` is used. If `cmark-gfm` is used for rendering remote user controlled markdown, this vulnerability may lead to Remote Code Execution (RCE) in applications employing affected versions of the `cmark-gfm` library. This vulnerability has been patched in the following cmark-gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. A workaround is available. The vulnerability exists in the table markdown extensions of cmark-gfm. Disabling the table extension will prevent this vulnerability from being triggered.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-02-19 Last update: 2022-06-17 18:01
2 low-priority security issues in bullseye low

There are 2 open security issues in bullseye.

2 issues left for the package maintainer to handle:
  • CVE-2020-5238: (needs triaging) The table extension in GitHub Flavored Markdown before version 0.29.0.gfm.1 takes O(n * n) time to parse certain inputs. An attacker could craft a markdown table which would take an unreasonably long time to process, causing a denial of service. This issue does not affect the upstream cmark project. The issue has been fixed in version 0.29.0.gfm.1.
  • CVE-2022-24724: (needs triaging) cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables whose marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where `cmark-gfm` is used. If `cmark-gfm` is used for rendering remote user controlled markdown, this vulnerability may lead to Remote Code Execution (RCE) in applications employing affected versions of the `cmark-gfm` library. This vulnerability has been patched in the following cmark-gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. A workaround is available. The vulnerability exists in the table markdown extensions of cmark-gfm. Disabling the table extension will prevent this vulnerability from being triggered.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-08-14 Last update: 2022-06-17 18:01
Build log checks report 1 warning low
Build log checks report 1 warning
Created: 2018-06-03 Last update: 2018-06-03 02:46
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.6.0).
Created: 2022-05-11 Last update: 2022-05-11 23:24
news
  • [2022-03-12] r-cran-commonmark 1.8.0-1 MIGRATED to testing (Debian testing watch)
  • [2022-03-09] Accepted r-cran-commonmark 1.8.0-1 (source) into unstable (Andreas Tille)
  • [2020-09-05] r-cran-commonmark 1.7-2 MIGRATED to testing (Debian testing watch)
  • [2020-09-02] Accepted r-cran-commonmark 1.7-2 (source) into unstable (Andreas Tille)
  • [2018-12-08] r-cran-commonmark 1.7-1 MIGRATED to testing (Debian testing watch)
  • [2018-12-05] Accepted r-cran-commonmark 1.7-1 (source) into unstable (Andreas Tille)
  • [2018-10-06] r-cran-commonmark 1.6-1 MIGRATED to testing (Debian testing watch)
  • [2018-10-04] Accepted r-cran-commonmark 1.6-1 (source) into unstable (Dylan Aïssi)
  • [2018-06-13] r-cran-commonmark 1.5-1 MIGRATED to testing (Debian testing watch)
  • [2018-05-30] Accepted r-cran-commonmark 1.5-1 (source amd64) into unstable, unstable (Andreas Tille)
bugs [bug history graph]
  • all: 0
links
  • homepage
  • lintian
  • buildd: logs, checks, clang, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots
  • debci
ubuntu [Information about Ubuntu for Debian Developers]
  • version: 1.8.0-1
