[SECURITY] [DSA 4831-1] ruby-redcarpet security update

2021-01-1513:09:33

lists.debian.org

0.001 Low

EPSS

Percentile

33.3%

JSON

Debian Security Advisory DSA-4831-1 [email protected]
https://www.debian.org/security/ Sebastien Delafond
January 15, 2021 https://www.debian.org/security/faq

Package : ruby-redcarpet
CVE ID : CVE-2020-26298
Debian Bug : 980057

Johan Smits discovered that ruby-redcarpet, a markdown parser, did not
properly validate its input. This would allow an attacker to mount a
cross-site scripting attack.

For the stable distribution (buster), this problem has been fixed in
version 3.4.0-4+deb10u1.

We recommend that you upgrade your ruby-redcarpet packages.

For the detailed security status of ruby-redcarpet please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-redcarpet

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian9arm64ruby-redcarpet< 3.3.4-2+deb9u1ruby-redcarpet_3.3.4-2+deb9u1_arm64.deb
Debian10amd64ruby-redcarpet-dbgsym< 3.4.0-4+deb10u1ruby-redcarpet-dbgsym_3.4.0-4+deb10u1_amd64.deb
Debian10armelruby-redcarpet-dbgsym< 3.4.0-4+deb10u1ruby-redcarpet-dbgsym_3.4.0-4+deb10u1_armel.deb
Debian10i386ruby-redcarpet-dbgsym< 3.4.0-4+deb10u1ruby-redcarpet-dbgsym_3.4.0-4+deb10u1_i386.deb
Debian10armhfruby-redcarpet< 3.4.0-4+deb10u1ruby-redcarpet_3.4.0-4+deb10u1_armhf.deb
Debian10mips64elruby-redcarpet-dbgsym< 3.4.0-4+deb10u1ruby-redcarpet-dbgsym_3.4.0-4+deb10u1_mips64el.deb
Debian10armelruby-redcarpet< 3.4.0-4+deb10u1ruby-redcarpet_3.4.0-4+deb10u1_armel.deb
Debian10arm64ruby-redcarpet< 3.4.0-4+deb10u1ruby-redcarpet_3.4.0-4+deb10u1_arm64.deb
Debian10mipselruby-redcarpet< 3.4.0-4+deb10u1ruby-redcarpet_3.4.0-4+deb10u1_mipsel.deb
Debian10mips64elruby-redcarpet< 3.4.0-4+deb10u1ruby-redcarpet_3.4.0-4+deb10u1_mips64el.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	arm64	ruby-redcarpet	< 3.3.4-2+deb9u1	ruby-redcarpet_3.3.4-2+deb9u1_arm64.deb
Debian	10	amd64	ruby-redcarpet-dbgsym	< 3.4.0-4+deb10u1	ruby-redcarpet-dbgsym_3.4.0-4+deb10u1_amd64.deb
Debian	10	armel	ruby-redcarpet-dbgsym	< 3.4.0-4+deb10u1	ruby-redcarpet-dbgsym_3.4.0-4+deb10u1_armel.deb
Debian	10	i386	ruby-redcarpet-dbgsym	< 3.4.0-4+deb10u1	ruby-redcarpet-dbgsym_3.4.0-4+deb10u1_i386.deb
Debian	10	armhf	ruby-redcarpet	< 3.4.0-4+deb10u1	ruby-redcarpet_3.4.0-4+deb10u1_armhf.deb
Debian	10	mips64el	ruby-redcarpet-dbgsym	< 3.4.0-4+deb10u1	ruby-redcarpet-dbgsym_3.4.0-4+deb10u1_mips64el.deb
Debian	10	armel	ruby-redcarpet	< 3.4.0-4+deb10u1	ruby-redcarpet_3.4.0-4+deb10u1_armel.deb
Debian	10	arm64	ruby-redcarpet	< 3.4.0-4+deb10u1	ruby-redcarpet_3.4.0-4+deb10u1_arm64.deb
Debian	10	mipsel	ruby-redcarpet	< 3.4.0-4+deb10u1	ruby-redcarpet_3.4.0-4+deb10u1_mipsel.deb
Debian	10	mips64el	ruby-redcarpet	< 3.4.0-4+deb10u1	ruby-redcarpet_3.4.0-4+deb10u1_mips64el.deb