Debian Mistune vulnerabilities

3 known vulnerabilities affecting debian/mistune.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2

Vulnerabilities

CVE-2022-34749 | HIGH | CVSS 7.5 | fixed in mistune 2.0.3-1 (bookworm) | 2022
In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.
Scope: local
bookworm: resolved (fixed in 2.0.3-1)
bullseye: open
forky: resolved (fixed in 2.0.3-1)
sid: resolved (fixed in 2.0.3-1)
trixie: re
debian
CVE-2017-16876 | MEDIUM | CVSS 6.1 | fixed in mistune 0.8.1-1 (bookworm) | 2017
Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument.
Scope: local
bookworm: resolved (fixed in 0.8.1-1)
bullseye: resolved (fixed in 0.8.1-1)
forky: resolved (fixed in 0.8.1-1)
sid: resolved (fixed in
debian
CVE-2017-15612 | MEDIUM | CVSS 6.1 | fixed in mistune 0.8-1 (bookworm) | 2017
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions.
Scope: local
bookworm: resolved (fixed in 0.8-1)
bullseye: resolved (fixed in 0.8-1)
forky: resolved (fixed in 0.8-1)
sid: resolved (fixed in 0.8-1)
trixie: resolved (fixed in 0.8-1)
debian