View | Details | Raw Unified | Return to bug 280956 | Differences between
and this patch

Collapse All | Expand All

(-)b/security/vuxml/vuln/2024.xml (+28 lines)
Lines 1-3 Link Here
1 
  <vuln vid="c3f5deb6-5f50-11ef-af54-a8a15998b5cb">
2 
    <topic>md4c_project -- Denial of service via a malformed Markdown document</topic>
3 
    <affects>
4 
      <package>
5 
	<name>md4c</name>
6 
	<range><eq>0.4.7</eq></range>
7 
      </package>
8 
    </affects>
9 
    <description>
10 
	<body xmlns="http://www.w3.org/1999/xhtml">
11 
	<p>cve@mitre.org reports:</p>
12 
	<blockquote cite="https://github.com/mity/md4c/commit/4fc808d8fe8d8904f8525bb4231d854f45e23a19">
13 
	  <p>md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger
14 
	use of uninitialized memory, and cause a denial of service via a
15 
	malformed Markdown document.</p>
16 
	</blockquote>
17 
	</body>
18 
    </description>
19 
    <references>
20 
      <cvename>CVE-2021-30027</cvename>
21 
      <url>https://nvd.nist.gov/vuln/detail/CVE-2021-30027</url>
22 
    </references>
23 
    <dates>
24 
      <discovery>2021-04-29</discovery>
25 
      <entry>2024-08-21</entry>
26 
    </dates>
27 
  </vuln>
28 

            

        

          1
          
  <vuln vid="04c9c3f8-5ed3-11ef-8262-b0416f0c4c67">

          29
          
  <vuln vid="04c9c3f8-5ed3-11ef-8262-b0416f0c4c67">

        

        

          2
          
    <topic>Jinja2 -- Vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter</topic>

          30
          
    <topic>Jinja2 -- Vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter</topic>

        

        

          3
          
    <affects>

          31
          
    <affects>

        



(-)b/textproc/md4c/Makefile
      (-3 / +4 lines)




  

    
      
            Lines 1-18
          
      
      
        Link Here
      
    
  

        

          1
          
PORTNAME=	md4c

          1
          
PORTNAME=	md4c

        

        

          2
          
DISTVERSIONPREFIX=	release-

          2
          
DISTVERSIONPREFIX=	release-

        

          
            

              3
              
DISTVERSION=	0.4.7


              3
              
DISTVERSION=	0.5.2

            

        

          4
          
CATEGORIES=	textproc

          4
          
CATEGORIES=	textproc

        

        

          5
          

          5
          

        

        

          6
          
MAINTAINER=	rosenke@dssgmbh.de

          6
          
MAINTAINER=	rosenke@dssgmbh.de

        

        

          7
          
COMMENT=	Markdown Parser written in C

          7
          
COMMENT=	Markdown Parser written in C

        

          
            

              8
              
WWW=		https://github.com/mity/md4c


              8
              
WWW=		https://github.com/mity/md4c/

            

        

          9
          

          9
          

        

        

          10
          
LICENSE=	MIT

          10
          
LICENSE=	MIT

        

            

              
              
              11
              
LICENSE_FILE=	${WRKSRC}/LICENSE.md

            

        

          11
          

          12
          

        

        

          12
          
USES=		cmake cpe

          13
          
USES=		cmake cpe

        

        

          13
          
CPE_VENDOR=	${PORTNAME}_project

          14
          
CPE_VENDOR=	${PORTNAME}_project

        

            

              14
              
USE_LDCONFIG=	yes

              
              
            

        

          15
          
USE_GITHUB=	yes

          15
          
USE_GITHUB=	yes

        

        

          16
          
GH_ACCOUNT=	mity

          16
          
GH_ACCOUNT=	mity

        

            

              
              
              17
              
USE_LDCONFIG=	yes

            

        

          17
          

          18
          

        

        

          18
          
.include <bsd.port.mk>

          19
          
.include <bsd.port.mk>

        



(-)b/textproc/md4c/distinfo
      (-3 / +3 lines)




  

    
      
            Lines 1-3
          
      
      
        Link Here
      
    
  

          
            

              1
              
TIMESTAMP = 1613558190


              1
              
TIMESTAMP = 1724194987

            

            

              2
              
SHA256 (mity-md4c-release-0.4.7_GH0.tar.gz) = f1b12d7aeb64fcbc7092c832e1a8b137102fec168961c87222fa599aedc19035


              2
              
SHA256 (mity-md4c-release-0.5.2_GH0.tar.gz) = 55d0111d48fb11883aaee91465e642b8b640775a4d6993c2d0e7a8092758ef21

            

            

              3
              
SIZE (mity-md4c-release-0.4.7_GH0.tar.gz) = 228223


              3
              
SIZE (mity-md4c-release-0.5.2_GH0.tar.gz) = 237973

            



(-)b/textproc/md4c/pkg-plist
      (-5 / +2 lines)




  

    
      
            Lines 1-16
          
      
      
        Link Here
      
    
  

        

          1
          
bin/md2html

          1
          
bin/md2html

        

        

          2
          
include/md4c-html.h

          2
          
include/md4c-html.h

        

        

          3
          
include/md4c.h

          3
          
include/md4c.h

        

            

              4
              
lib/cmake/md4c-html/md4cHtmlConfig-%%CMAKE_BUILD_TYPE%%.cmake

              
              
            

            

              5
              
lib/cmake/md4c-html/md4cHtmlConfig.cmake

            

        

          6
          
lib/cmake/md4c/md4cConfig-%%CMAKE_BUILD_TYPE%%.cmake

          4
          
lib/cmake/md4c/md4cConfig-%%CMAKE_BUILD_TYPE%%.cmake

        

        

          7
          
lib/cmake/md4c/md4cConfig.cmake

          5
          
lib/cmake/md4c/md4cConfig.cmake

        

        

          8
          
lib/libmd4c-html.so

          6
          
lib/libmd4c-html.so

        

        

          9
          
lib/libmd4c-html.so.0

          7
          
lib/libmd4c-html.so.0

        

          
            

              10
              
lib/libmd4c-html.so.0.4.7


              8
              
lib/libmd4c-html.so.0.5.2

            

        

          11
          
lib/libmd4c.so

          9
          
lib/libmd4c.so

        

        

          12
          
lib/libmd4c.so.0

          10
          
lib/libmd4c.so.0

        

          
            

              13
              
lib/libmd4c.so.0.4.7


              11
              
lib/libmd4c.so.0.5.2

            

        

          14
          
libdata/pkgconfig/md4c-html.pc

          12
          
libdata/pkgconfig/md4c-html.pc

        

        

          15
          
libdata/pkgconfig/md4c.pc

          13
          
libdata/pkgconfig/md4c.pc

        

        

          16
          
share/man/man1/md2html.1.gz

          14
          
share/man/man1/md2html.1.gz

        

            

              17
              
- 

              
              
            






  

  Return to bug 280956