FreeBSD Bugzilla – Attachment 252972 Details for Bug 280956: textproc/md4c: update 0.4.7 → 0.5.2, fix CVE
[patch] [PATCH] textproc/md4c: update 0.4.7 → 0.5.2, fix CVE
0001-textproc-md4c-update-0.4.7-0.5.2-fix-CVE.patch (text/plain), 3.73 KB, created by Älven on 2024-08-21 01:53:36 UTC
>From b377433644ba7d088e1c065e02c89d3e3bf163e4 Mon Sep 17 00:00:00 2001 >From: Ãlven <alster@vinterdalen.se> >Date: Wed, 21 Aug 2024 05:50:47 +0400 >Subject: [PATCH] textproc/md4c: update 0.4.7 â 0.5.2, fix CVE >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >Security: https://nvd.nist.gov/vuln/detail/CVE-2021-30027 >--- > security/vuxml/vuln/2024.xml | 28 ++++++++++++++++++++++++++++ > textproc/md4c/Makefile | 7 ++++--- > textproc/md4c/distinfo | 6 +++--- > textproc/md4c/pkg-plist | 6 ++---- > 4 files changed, 37 insertions(+), 10 deletions(-) > >diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml >index a63cbbec6d42..5235bbb4cb70 100644 >--- a/security/vuxml/vuln/2024.xml >+++ b/security/vuxml/vuln/2024.xml >@@ -1,3 +1,31 @@ >+ <vuln vid="c3f5deb6-5f50-11ef-af54-a8a15998b5cb"> >+ <topic>md4c_project -- Denial of service via a malformed Markdown document</topic> >+ <affects> >+ <package> >+ <name>md4c</name> >+ <range><eq>0.4.7</eq></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>cve@mitre.org reports:</p> >+ <blockquote cite="https://github.com/mity/md4c/commit/4fc808d8fe8d8904f8525bb4231d854f45e23a19"> >+ <p>md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger >+ use of uninitialized memory, and cause a denial of service via a >+ malformed Markdown document.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2021-30027</cvename> >+ <url>https://nvd.nist.gov/vuln/detail/CVE-2021-30027</url> >+ </references> >+ <dates> >+ <discovery>2021-04-29</discovery> >+ <entry>2024-08-21</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="04c9c3f8-5ed3-11ef-8262-b0416f0c4c67"> > <topic>Jinja2 -- Vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter</topic> > <affects> >diff --git a/textproc/md4c/Makefile b/textproc/md4c/Makefile >index 4cf559046d89..c1a717a710d9 100644 
>--- a/textproc/md4c/Makefile >+++ b/textproc/md4c/Makefile >@@ -1,18 +1,19 @@ > PORTNAME= md4c > DISTVERSIONPREFIX= release- >-DISTVERSION= 0.4.7 >+DISTVERSION= 0.5.2 > CATEGORIES= textproc > > MAINTAINER= rosenke@dssgmbh.de > COMMENT= Markdown Parser written in C >-WWW= https://github.com/mity/md4c >+WWW= https://github.com/mity/md4c/ > > LICENSE= MIT >+LICENSE_FILE= ${WRKSRC}/LICENSE.md > > USES= cmake cpe > CPE_VENDOR= ${PORTNAME}_project >-USE_LDCONFIG= yes > USE_GITHUB= yes > GH_ACCOUNT= mity >+USE_LDCONFIG= yes > > .include <bsd.port.mk> >diff --git a/textproc/md4c/distinfo b/textproc/md4c/distinfo >index ccbc79a2ed7e..daf87c3efb9f 100644 >--- a/textproc/md4c/distinfo >+++ b/textproc/md4c/distinfo >@@ -1,3 +1,3 @@ >-TIMESTAMP = 1613558190 >-SHA256 (mity-md4c-release-0.4.7_GH0.tar.gz) = f1b12d7aeb64fcbc7092c832e1a8b137102fec168961c87222fa599aedc19035 >-SIZE (mity-md4c-release-0.4.7_GH0.tar.gz) = 228223 >+TIMESTAMP = 1724194987 >+SHA256 (mity-md4c-release-0.5.2_GH0.tar.gz) = 55d0111d48fb11883aaee91465e642b8b640775a4d6993c2d0e7a8092758ef21 >+SIZE (mity-md4c-release-0.5.2_GH0.tar.gz) = 237973 >diff --git a/textproc/md4c/pkg-plist b/textproc/md4c/pkg-plist >index 9bd12a807141..df1a52e6f058 100644 >--- a/textproc/md4c/pkg-plist >+++ b/textproc/md4c/pkg-plist >@@ -1,16 +1,14 @@ > bin/md2html > include/md4c-html.h > include/md4c.h >-lib/cmake/md4c-html/md4cHtmlConfig-%%CMAKE_BUILD_TYPE%%.cmake >-lib/cmake/md4c-html/md4cHtmlConfig.cmake > lib/cmake/md4c/md4cConfig-%%CMAKE_BUILD_TYPE%%.cmake > lib/cmake/md4c/md4cConfig.cmake > lib/libmd4c-html.so > lib/libmd4c-html.so.0 >-lib/libmd4c-html.so.0.4.7 >+lib/libmd4c-html.so.0.5.2 > lib/libmd4c.so > lib/libmd4c.so.0 >-lib/libmd4c.so.0.4.7 >+lib/libmd4c.so.0.5.2 > libdata/pkgconfig/md4c-html.pc > libdata/pkgconfig/md4c.pc > share/man/man1/md2html.1.gz >-- >2.46.0 >
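Review bot: In the new security/vuxml/vuln/2024.xml entry, `<range><eq>0.4.7</eq></range>` matches only the exact package version 0.4.7, so a package carrying a port revision, or any earlier release, would not be flagged. Consider a `<lt>` bound at the first version that contains the cited fix commit instead. The blockquote also attributes its text to cve@mitre.org while its cite attribute points at the GitHub commit; cite the NVD URL there and list the commit as an additional `<url>` under `<references>`.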
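Review bot: In textproc/md4c/Makefile, the trailing slash added to WWW and the move of USE_LDCONFIG below GH_ACCOUNT are cosmetic changes unrelated to the version bump. In a security update they are better split out, or at least mentioned in the commit message, so the fix stays easy to audit and backport. The new `LICENSE_FILE= ${WRKSRC}/LICENSE.md` line assumes that file exists in the 0.5.2 distfile, which is worth confirming with a build.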
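Review bot: In textproc/md4c/pkg-plist, the two lib/cmake/md4c-html/ config files are dropped while lib/libmd4c-html.so is still installed, and the diffstat shows no consumer port touched. Any port that locates md4c-html through those CMake files needs a check before this lands, with the result stated in the PR. The library lines could also use a version substitution rather than the literal 0.5.2, so the plist does not need editing on each update.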
Flags: alster: maintainer-approval? (rosenke)
Attachments on bug 280956: 252965 | 252967 | 252972