Overview

File _patchinfo of Package patchinfo.15949

<patchinfo incident="15949">
  <issue tracker="bnc" id="1171379">VUL-0: CVE-2020-11888: python-markdown2:  Unsanitized input allows for cross-site scripting (XSS)</issue>
  <issue tracker="bnc" id="1183171">VUL-0: CVE-2021-26813: python-markdown2: Regular expression denial of service</issue>
  <issue tracker="bnc" id="1181270">python: 15 python packages fail to build in openSUSE:Backports</issue>
  <issue tracker="cve" id="2021-26813"/>
  <packager>dirkmueller</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for python-markdown2</summary>
  <description>This update for python-markdown2 fixes the following issues:

Update to 2.4.0 (boo#1181270):

  - [pull #377] Fixed bug breaking strings elements in metadata lists
  - [pull #380] When rendering fenced code blocks, also add the
    language-LANG class
  - [pull #387] Regex DoS fixes (CVE-2021-26813, boo#1183171)

- Switch off failing tests (gh#trentm/python-markdown2#388),
  ignore failing test suite.

update to 2.3.9:

  - [pull #335] Added header support for wiki tables
  - [pull #336] Reset _toc when convert is run
  - [pull #353] XSS fix
  - [pull #350] XSS fix

- Add patch to fix unsanitized input for cross-site scripting (boo#1171379)

This update was imported from the openSUSE:Leap:15.2:Update update project.</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places