Fedora 29: FEDORA-2019-b02e9bf467 critical: php-erusev-parsedown XSS Alert

fedora

March 6, 2019

## 1.7.1 - \#475: "Loose" lists will now contain paragraphs in all items, not just some

Summary

Markdown parser in PHP.

Autoloader: /usr/share/php/erusev/parsedown/autoload.php

## 1.7.1 - \#475: "Loose" lists will now contain paragraphs in all items, not

just some. - \#433: Links will no longer be double nested - \#525: The info-string when beginning a code block may now contain non-word characters (e.g.

`c++`) - \#561: The `mbstring` extension (which we already depend on) has been

added explicitly to `composer.json` - \#563: The `Parsedown::version` constant

now matches the release version - \#560: Builds will now fail if we forget to

update the version constant again ## 1.7.0 CVE-2018-1000162 - Merge pull

request #495 from aidantwoods/anti-xss - Prevent various XSS attacks (rebase and

update of #276)

* Sun Feb 24 2019 Shawn Iwinski - 1.7.1-1

- Update to 1.7.1 (RHBZ #1569512 / RHBZ #1569513 / RHBZ #1569514 / CVE-2018-1000162)

* Sat Feb 2 2019 Fedora Release Engineering - 1.6.4-4

- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

[ 1 ] Bug #1569513 - CVE-2018-1000162 php-erusev-parsedown: Cross Site Scripting in `setMarkupEscaped` [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1569513

[ 2 ] Bug #1569514 - CVE-2018-1000162 php-erusev-parsedown: Cross Site Scripting in `setMarkupEscaped` [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1569514

su -c 'dnf upgrade --advisory FEDORA-2019-b02e9bf467' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics Covered

security advisory security update Fedora cross site scripting php-erusev-parsedown CVE-2018-1000162

Change Log

References

Update Instructions

Severity

critical

Lowest

Low

Medium

High

Critical

Product: Fedora 29

Version: 1.7.1

Release: 1.fc29

URL: https://parsedown.org/

Summary: Markdown parser in PHP

Topics Covered

security advisory security update Fedora cross site scripting php-erusev-parsedown CVE-2018-1000162

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Fedora 29: FEDORA-2019-b02e9bf467 critical: php-erusev-parsedown XSS Alert

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Fedora 29: FEDORA-2019-b02e9bf467 critical: php-erusev-parsedown XSS Alert

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!