Your message dated Mon, 22 Sep 2025 16:27:49 -0700
with message-id <15565213.tv2OnDr8pf@soren-desktop>
and subject line ruby-commonmarker: CVE-2023-37463
has caused the Debian Bug report #1041100,
regarding ruby-commonmarker: CVE-2023-37463
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1041100: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041100
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ruby-commonmarker
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,
The following vulnerability was published for ruby-commonmarker.
CVE-2023-37463[0]:
| cmark-gfm is an extended version of the C reference implementation
| of CommonMark, a rationalized version of Markdown syntax with a
| spec. Three polynomial time complexity issues in cmark-gfm may lead
| to unbounded resource exhaustion and subsequent denial of service.
| These vulnerabilities have been patched in 0.29.0.gfm.12.
https://github.com/github/cmark-gfm/security/advisories/GHSA-w4qg-3vf7-m9x5
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-37463
https://www.cve.org/CVERecord?id=CVE-2023-37463
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Control: fixed -1 0.23.10-1
This was fixed in the 0.23.10-1 release, but it was not documented in the
changelog.
https://security.snyk.io/vuln/SNYK-RUBY-COMMONMARKER-5829860
--
Soren Stoutner
[email protected]
--- End Message ---