UbuntuUpdates.org

Package "kramdown"

Name: kramdown

Description:

Fast, pure-Ruby Markdown-superset converter - kramdown command

Latest version: 1.17.0-4ubuntu0.2
Release: focal (20.04)
Level: security
Repository: universe
Head package: ruby-kramdown
Homepage: https://kramdown.gettalong.org

Other versions of "kramdown" in Focal

Repository   Area       Version
base         universe   1.17.0-4
updates      universe   1.17.0-4ubuntu0.2

Changelog

Version: 1.17.0-4ubuntu0.2 2023-10-10 16:07:28 UTC

  ruby-kramdown (1.17.0-4ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: arbitrary class generation issue when specifying custom
    Rouge formatters.
    - debian/patches/CVE-2021-28834.patch: enforce custom Rouge formatters to
      be in the Rouge::Formatters namespace.
    - CVE-2021-28834

 -- Evan Caville <email address hidden> Wed, 04 Oct 2023 12:18:54 +1000

CVE-2021-28834 Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.

Version: 1.17.0-4ubuntu0.1 2020-09-30 22:06:17 UTC

  ruby-kramdown (1.17.0-4ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Unintended read access
    - debian/patches/CVE-2020-14001.patch: Add option
      forbidden_inline_options. By default, the template option is now
      forbidden.
    - CVE-2020-14001

 -- Mike Salvatore <email address hidden> Wed, 30 Sep 2020 15:11:49 -0400

CVE-2020-14001 The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such