Summary: | <dev-python/markdown2-2.3.9: Multiple vulnerabilities (CVE-2018-5773, CVE-2020-11888) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | maksbotan, mgorny, python |
Priority: | Normal | Flags: | nattka: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B4 [noglsa cve] | ||
Package list: | =dev-python/markdown2-2.3.9 |
Runtime testing required: | --- |
Description
Sam James
2020-04-20 16:53:47 UTC
(In reply to Sam James (sec padawan) from comment #0)
> 1) CVE-2020-11888
>
> Description:
> "python-markdown2 through 2.3.8 allows XSS because element names are
> mishandled unless a \w+ match succeeds. For example, an attack might use
> elementname@ or elementname- with an onclick attribute."
>

We are pending a patch for this.

(In reply to Sam James (sec padawan) from comment #1)
> (In reply to Sam James (sec padawan) from comment #0)
> > 1) CVE-2020-11888
> >
> > Description:
> > "python-markdown2 through 2.3.8 allows XSS because element names are
> > mishandled unless a \w+ match succeeds. For example, an attack might use
> > elementname@ or elementname- with an onclick attribute."
> >
>
> We are pending a patch for this.

Do you mean that it's not yet fixed upstream? Should I bump to 2.3.8 anyway or wait for it?

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=000222a4a757c3321995860b56265c66116881ee

commit 000222a4a757c3321995860b56265c66116881ee
Author: Michał Górny <mgorny@gentoo.org>
AuthorDate: 2020-04-21 09:16:06 +0000
Commit: Michał Górny <mgorny@gentoo.org>
CommitDate: 2020-04-21 09:16:33 +0000

    dev-python/markdown2: Bump to 2.3.8

    Bug: https://bugs.gentoo.org/718656
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 dev-python/markdown2/Manifest | 1 +
 dev-python/markdown2/markdown2-2.3.8.ebuild | 30 +++++++++++++++++++++++++++++
 2 files changed, 31 insertions(+)

Let us know when ready for stabilisation.

2.3.9 seems to address all the issues now. I'll add CC-ARCHES now but please remove/let me know if any objections.

amd64 stable

x86 stable.

Maintainer(s), please cleanup.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a44a4d2325ac35481227ddff0aea43e0edd34ee2

commit a44a4d2325ac35481227ddff0aea43e0edd34ee2
Author: Aaron Bauman <bman@gentoo.org>
AuthorDate: 2020-06-20 00:47:47 +0000
Commit: Aaron Bauman <bman@gentoo.org>
CommitDate: 2020-06-20 00:47:47 +0000

    dev-python/markdown2: drop vulnerable

    Bug: https://bugs.gentoo.org/718656
    Signed-off-by: Aaron Bauman <bman@gentoo.org>

 dev-python/markdown2/Manifest | 2 --
 dev-python/markdown2/markdown2-2.3.0.ebuild | 32 -----------------------------
 dev-python/markdown2/markdown2-2.3.8.ebuild | 30 ---------------------------
 3 files changed, 64 deletions(-)
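An added illustration of the CVE-2020-11888 description quoted in this report (not code from this bug, from Gentoo, or from python-markdown2): a constructed, simplified tag filter that recognises only `\w+` element names, audited beside an escape-everything baseline. The function names, the pattern and the sample strings are assumptions made for the example.

```python
import html
import re

# Constructed, simplified filter (an assumption for illustration, not
# markdown2's code): a tag is recognised only when its name is fully matched
# by \w+ and is followed by whitespace, "/" or ">".
NAIVE_TAG_RE = re.compile(r"</?\w+(?:\s[^<>]*)?/?>")


def naive_sanitize(text):
    """Escape only the spans the name-based pattern recognises as tags."""
    return NAIVE_TAG_RE.sub(lambda m: html.escape(m.group(0)), text)


def strict_sanitize(text):
    """Escape every markup-significant character, whatever follows '<'."""
    return html.escape(text)


# Constructed samples. An HTML tokenizer reads a tag name up to the next
# whitespace, "/" or ">", so "b@" and "b-" still open an element and the
# attribute after them is still parsed.
SAMPLES = [
    '<b onclick="handler()">text</b>',    # plain name: recognised
    '<b@ onclick="handler()">text</b@>',  # name ends in "@"
    '<b- onclick="handler()">text</b->',  # name ends in "-"
]


def audit(sanitizer, samples=SAMPLES):
    """Return the samples that still contain a raw '<' after sanitizing."""
    return [s for s in samples if "<" in sanitizer(s)]


if __name__ == "__main__":
    for name, fn in (("naive", naive_sanitize), ("strict", strict_sanitize)):
        missed = audit(fn)
        print(f"{name}: {len(missed)} of {len(SAMPLES)} samples keep live markup")
        for s in missed:
            print("   ", s)
```

The same `audit` function can be pointed at any sanitizing callable as a regression check after a version bump.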