Updated cmark packages fix security vulnerability
Publication date: 21 May 2023
Modification date: 21 May 2023
Type: security
Affected Mageia releases: 8
CVE: CVE-2023-22484, CVE-2023-22486
Description
cmark incorrectly handled certain inputs. This update fixes quadratic complexity in handle_close_bracket with input such as "![[]()", which may lead to a denial of service (CVE-2023-22486). It also fixes a quadratic parsing issue with repeated comment tags that was not in a released product but which was assigned a CVE (CVE-2023-22484).
References
- https://bugs.mageia.org/show_bug.cgi?id=31885
- https://lists.suse.com/pipermail/sle-security-updates/2023-May/014722.html
- https://github.com/commonmark/cmark/releases/tag/0.30.3
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22484
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22486
SRPMS
8/core
- cmark-0.30.3-1.mga8