Security update for python-markdown2 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:0451-1 Final 1 1 2021-03-19T23:06:22Z current 2021-03-19T23:06:22Z 2021-03-19T23:06:22Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python-markdown2 This update for python-markdown2 fixes the following issues: Update to 2.4.0 (boo#1181270): - [pull #377] Fixed bug breaking strings elements in metadata lists - [pull #380] When rendering fenced code blocks, also add the language-LANG class - [pull #387] Regex DoS fixes (CVE-2021-26813, boo#1183171) - Switch off failing tests (gh#trentm/python-markdown2#388), ignore failing test suite. update to 2.3.9: - [pull #335] Added header support for wiki tables - [pull #336] Reset _toc when convert is run - [pull #353] XSS fix - [pull #350] XSS fix - Add patch to fix unsanitized input for cross-site scripting (boo#1171379) This update was imported from the openSUSE:Leap:15.2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-451 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4AZ6CPAAHWZ74LZWHDSAXWA6O2HYCKU3/ E-Mail link for openSUSE-SU-2021:0451-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1171379 SUSE Bug 1171379 https://bugzilla.suse.com/1181270 SUSE Bug 1181270 https://bugzilla.suse.com/1183171 SUSE Bug 1183171 https://www.suse.com/security/cve/CVE-2021-26813/ SUSE CVE CVE-2021-26813 page SUSE Package Hub 15 SP2 python2-markdown2-2.4.0-bp152.2.4.1 python3-markdown2-2.4.0-bp152.2.4.1 python2-markdown2-2.4.0-bp152.2.4.1 as a component of SUSE Package Hub 15 SP2 python3-markdown2-2.4.0-bp152.2.4.1 as a component of SUSE Package Hub 15 SP2 markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time. CVE-2021-26813 SUSE Package Hub 15 SP2:python2-markdown2-2.4.0-bp152.2.4.1 SUSE Package Hub 15 SP2:python3-markdown2-2.4.0-bp152.2.4.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4AZ6CPAAHWZ74LZWHDSAXWA6O2HYCKU3/ https://www.suse.com/security/cve/CVE-2021-26813.html CVE-2021-26813 https://bugzilla.suse.com/1183171 SUSE Bug 1183171