544007dcc4
python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
################################################################################
#
# python-markdown2
#
################################################################################

# Package description consumed by the python-package macro evaluated on the
# last line. Every variable carries the PYTHON_MARKDOWN2_ prefix.

# Upstream release being packaged; the tarball name below is derived from it.
PYTHON_MARKDOWN2_VERSION = 2.3.8
PYTHON_MARKDOWN2_SOURCE = markdown2-$(PYTHON_MARKDOWN2_VERSION).tar.gz
# Download directory for the source tarball, fetched over HTTPS.
# NOTE(review): integrity of the download is presumably pinned by a separate
# hash file next to this one (not visible here) - confirm it matches this
# version whenever the URL or version changes.
PYTHON_MARKDOWN2_SITE = https://files.pythonhosted.org/packages/e3/93/d37055743009d1a492b2670cc215831a388b3d6e4a28b7672fdf0f7854f5
PYTHON_MARKDOWN2_SETUP_TYPE = setuptools
PYTHON_MARKDOWN2_LICENSE = MIT
PYTHON_MARKDOWN2_LICENSE_FILES = LICENSE.txt

# CVE-2020-11888 (XSS through mishandled element names, affecting releases
# through 2.3.8) is marked as ignored for this package. The two patch file
# names listed below are the stated reason: presumably they are applied on
# top of 2.3.8 and carry the fix for upstream issue 348 - confirm both files
# are shipped with the package.
# The ignore entry only silences CVE reporting; it does not fix anything by
# itself. Re-check it on every version bump and drop it, together with the
# patches, once the packaged release contains the fix.
# 0001-Fix-for-issue-348-incomplete-tags-with-punctuation-after-as-part-of.patch
# 0002-Better-fix-for-issue-348.patch
PYTHON_MARKDOWN2_IGNORE_CVES += CVE-2020-11888

# python-package is defined outside this file; evaluating it here turns the
# variables above into the package's build rules, so this line stays last.
$(eval $(python-package))