blob: 8b81b6923698d474f8cd4d9d4b716e61d5aa03a0 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
<define-tag description>security update</define-tag>
<define-tag moreinfo>
<p>A flaw was discovered in ruby-kramdown, a fast, pure ruby, Markdown
parser and converter, which could result in unintended read access to
files or unintended embedded Ruby code execution when the {::options /}
extension is used together with the <q>template</q> option.</p>
<p>The Update introduces a new option <q>forbidden_inline_options</q> to
restrict the options allowed with the {::options /} extension. By
default the <q>template</q> option is forbidden.</p>
<p>For the stable distribution (buster), this problem has been fixed in
version 1.17.0-1+deb10u1.</p>
<p>We recommend that you upgrade your ruby-kramdown packages.</p>
<p>For the detailed security status of ruby-kramdown please refer to
its security tracker page at:
<a href="https://security-tracker.debian.org/tracker/ruby-kramdown">\
https://security-tracker.debian.org/tracker/ruby-kramdown</a></p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/security/2020/dsa-4742.data"
# $Id: $
|
