SUSE Package Hub - openSUSE-2021-451

Update Info

openSUSE-2021-451

Security update for python-markdown2

Type: security

Severity: moderate

Issued: 2021-03-20

Description:

This update for python-markdown2 fixes the following issues:

Update to 2.4.0 (boo#1181270):

  - [pull #377] Fixed bug breaking strings elements in metadata lists
  - [pull #380] When rendering fenced code blocks, also add the
    language-LANG class
  - [pull #387] Regex DoS fixes (CVE-2021-26813, boo#1183171)

- Switch off failing tests (gh#trentm/python-markdown2#388),
  ignore failing test suite.

update to 2.3.9:

  - [pull #335] Added header support for wiki tables
  - [pull #336] Reset _toc when convert is run
  - [pull #353] XSS fix
  - [pull #350] XSS fix

- Add patch to fix unsanitized input for cross-site scripting (boo#1171379)

This update was imported from the openSUSE:Leap:15.2:Update update project.

References

CVE: CVE-2021-26813
Bugzilla: 1183171 VUL-0: CVE-2021-26813: python-markdown2: Regular expression denial of service
Bugzilla: 1181270 python: 15 python packages fail to build in openSUSE:Backports
Bugzilla: 1171379 VUL-0: CVE-2020-11888: python-markdown2: Unsanitized input allows for cross-site scripting (XSS)

Packages

python-markdown2-2.4.0-bp152.2.4.1