--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-5eca570e16
2020-05-31 03:56:22.673502
--------------------------------------------------------------------------------
Name        : marked
Product     : Fedora 31
Version     : 1.1.0
Release     : 3.fc31
URL         : https://github.com/markedjs/marked
Summary     : A markdown parser for Node.js built for speed
Description :
Install this for command line tool and man page.

marked is a full-featured markdown compiler that can parse huge chunks of
markdown without having to worry about caching the compiled output or
blocking for an unnecessarily long time.

marked is extremely fast and frequently outperforms similar markdown parsers.
marked is very concise and still implements all markdown features, as well
as GitHub Flavored Markdown features.

marked more or less passes the official markdown test suite in its entirety.
This is important because a surprising number of markdown compilers cannot
pass more than a few tests.

--------------------------------------------------------------------------------
Update Information:

New upstream release with bug and security fixes.  Also, consolidates duplicate
packages marked and nodejs-marked.  I tested upgrades from both, but may have
missed some wonky situation.
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 22 2020 Stuart Gathman  - 1.1.0-3
- Move web assets to js-marked
* Fri May 22 2020 Stuart Gathman  - 1.1.0-2
- Move module files to nodejs-marked
- Fix shebang no longer autofixed in /usr/lib/node_modules
* Fri May 22 2020 Stuart Gathman  - 1.1.0-1
- New upstream release
- CVE-2015-8854 ReDos fixed in 0.3.9
- bz#1529736 bz#1529738 - XSS w/ mangling disabled fixed in 0.3.9
- bz#1702320 ReDos vuln - CVE removed, problem not in marked
- CVE-2016-1000013 fixed in 0.7.0
- CVE-2017-17461 ReDos in dependency (still open)
- CVE-2017-1000427 XSS via data URI fixed in 0.3.7
* Wed Jan 29 2020 Fedora Release Engineering  - 0.3.2-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1185162 - NodeJS marked: VBScript Content Injection [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1185162
  [ 2 ] Bug #1186221 - marked-1.1.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1186221
  [ 3 ] Bug #1328407 - CVE-2016-1000013 marked: sanitization bypass using HTML [epel-6]
        https://bugzilla.redhat.com/show_bug.cgi?id=1328407
  [ 4 ] Bug #1328408 - CVE-2016-1000013 marked: sanitization bypass using HTML [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1328408
  [ 5 ] Bug #1329535 - CVE-2015-8854 marked: regular expression denial of service [epel-6]
        https://bugzilla.redhat.com/show_bug.cgi?id=1329535
  [ 6 ] Bug #1329537 - CVE-2015-8854 marked: regular expression denial of service [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1329537
  [ 7 ] Bug #1417926 - CVE-2017-1000427 marked: Cross-site scripting via Data URIs [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1417926
  [ 8 ] Bug #1417927 - CVE-2017-1000427 marked: Cross-site scripting via Data URIs [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1417927
  [ 9 ] Bug #1417928 - CVE-2017-1000427 marked: Cross-site scripting via Data URIs [epel-6]
        https://bugzilla.redhat.com/show_bug.cgi?id=1417928
  [ 10 ] Bug #1529729 - marked: Cross-site Scripting (XSS) attacks via hexadecimal form of HTML [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1529729
  [ 11 ] Bug #1529730 - marked: Cross-site Scripting (XSS) attacks via hexadecimal form of HTML [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1529730
  [ 12 ] Bug #1529737 - marked: Cross-site Scripting (XSS) via autolink with mangling disabled [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1529737
  [ 13 ] Bug #1529738 - marked: Cross-site Scripting (XSS) via autolink with mangling disabled [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1529738
  [ 14 ] Bug #1550778 - marked: Regular expression denial of service in marked.js [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1550778
  [ 15 ] Bug #1550779 - marked: Regular expression denial of service in marked.js [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1550779
  [ 16 ] Bug #1702320 - marked: Regular expression denial of service in inline.text regex [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1702320
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-5eca570e16' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Fedora 31: marked FEDORA-2020-5eca570e16

May 30, 2020
New upstream release with bug and security fixes
