r-cran-commonmark - Debian Package Tracker

general

source: r-cran-commonmark (main)
version: 1.8.0-1
maintainer: Debian R Packages Maintainers (archive) (DMD) (LowNMU)
uploaders: Andreas Tille [DMD]
arch: any
std-ver: 4.6.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 1.7-1
stable: 1.7-2
testing: 1.8.0-1
unstable: 1.8.0-1

versioned links

1.7-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.7-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.8.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

r-cran-commonmark

action needed

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1.8.0-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 0a7d7fb3df87a749581dd5d31d2919ef974b808c
Author: Andreas Tille <tille@debian.org>
Date:   Wed Mar 9 20:49:48 2022 +0100

    Disable reprotest

Created: 2022-03-01 Last update: 2022-06-28 23:40

2 low-priority security issues in buster low

There are 2 open security issues in buster.

2 issues left for the package maintainer to handle:

CVE-2020-5238: (needs triaging) The table extension in GitHub Flavored Markdown before version 0.29.0.gfm.1 takes O(n * n) time to parse certain inputs. An attacker could craft a markdown table which would take an unreasonably long time to process, causing a denial of service. This issue does not affect the upstream cmark project. The issue has been fixed in version 0.29.0.gfm.1.
CVE-2022-24724: (needs triaging) cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables who's marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where `cmark-gfm` is used. If `cmark-gfm` is used for rendering remote user controlled markdown, this vulnerability may lead to Remote Code Execution (RCE) in applications employing affected versions of the `cmark-gfm` library. This vulnerability has been patched in the following cmark-gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. A workaround is available. The vulnerability exists in the table markdown extensions of cmark-gfm. Disabling the table extension will prevent this vulnerability from being triggered.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-02-19 Last update: 2022-06-17 18:01

2 low-priority security issues in bullseye low

There are 2 open security issues in bullseye.

2 issues left for the package maintainer to handle:

CVE-2020-5238: (needs triaging) The table extension in GitHub Flavored Markdown before version 0.29.0.gfm.1 takes O(n * n) time to parse certain inputs. An attacker could craft a markdown table which would take an unreasonably long time to process, causing a denial of service. This issue does not affect the upstream cmark project. The issue has been fixed in version 0.29.0.gfm.1.
CVE-2022-24724: (needs triaging) cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables who's marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where `cmark-gfm` is used. If `cmark-gfm` is used for rendering remote user controlled markdown, this vulnerability may lead to Remote Code Execution (RCE) in applications employing affected versions of the `cmark-gfm` library. This vulnerability has been patched in the following cmark-gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. A workaround is available. The vulnerability exists in the table markdown extensions of cmark-gfm. Disabling the table extension will prevent this vulnerability from being triggered.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-08-14 Last update: 2022-06-17 18:01

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2018-06-03 Last update: 2018-06-03 02:46

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.6.0).

Created: 2022-05-11 Last update: 2022-05-11 23:24

news

[rss feed]

[2022-03-12] r-cran-commonmark 1.8.0-1 MIGRATED to testing (Debian testing watch)
[2022-03-09] Accepted r-cran-commonmark 1.8.0-1 (source) into unstable (Andreas Tille)
[2020-09-05] r-cran-commonmark 1.7-2 MIGRATED to testing (Debian testing watch)
[2020-09-02] Accepted r-cran-commonmark 1.7-2 (source) into unstable (Andreas Tille)
[2018-12-08] r-cran-commonmark 1.7-1 MIGRATED to testing (Debian testing watch)
[2018-12-05] Accepted r-cran-commonmark 1.7-1 (source) into unstable (Andreas Tille)
[2018-10-06] r-cran-commonmark 1.6-1 MIGRATED to testing (Debian testing watch)
[2018-10-04] Accepted r-cran-commonmark 1.6-1 (source) into unstable (Dylan Aïssi)
[2018-06-13] r-cran-commonmark 1.5-1 MIGRATED to testing (Debian testing watch)
[2018-05-30] Accepted r-cran-commonmark 1.5-1 (source amd64) into unstable, unstable (Andreas Tille)

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.8.0-1