[SECURITY] Fedora EPEL 5 Update: python-markdown2-1.0.1.15-1.el5

updates at fedoraproject.org updates at fedoraproject.org
Mon Oct 26 16:53:23 UTC 2009


--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2009-0615
2009-10-08 23:03:18
--------------------------------------------------------------------------------

Name        : python-markdown2
Product     : Fedora EPEL 5
Version     : 1.0.1.15
Release     : 1.el5
URL         : http://code.google.com/p/python-markdown2/
Summary     : A fast and complete Python implementation of Markdown
Description :
Markdown is a text-to-HTML filter; it translates an easy-to-read /
easy-to-write structured text format into HTML. Markdown's text format
is most similar to that of plain text email, and supports features
such as headers, emphasis, code blocks, blockquotes, and links.

This is a fast and complete Python implementation of the Markdown
spec.

For information about markdown itself, see
http://daringfireball.net/projects/markdown/

--------------------------------------------------------------------------------
Update Information:

Update from 1.0.1.13 to 1.0.1.15, which fixes two  security-related bugs
according to upstream's changelog:  - [Issue 30] Fix a possible XSS via
JavaScript injection in a carefully crafted image reference (usage of double-
quotes in the URL).  - [Issue 29] Fix security hole in the md5-hashing scheme
for handling HTML chunks during processing.
--------------------------------------------------------------------------------

This update can be installed with the "yum" update programs.  Use
su -c 'yum update python-markdown2' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora EPEL GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the epel-package-announce mailing list