[MIR] python-markdown
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
python-markdown (Ubuntu) | Fix Released | Undecided | Unassigned | |
Bug Description
Availability: Currently in universe.
Rationale: python-markdown is a dependency of cheetah; however, our Ubuntu delta on cheetah patches out python-markdown from d/control to avoid a component mismatch. This is currently causing issues for some packages that depend on cheetah (LP: #1183634), and projects that depend on cheetah could benefit from python-markdown (some may even require it). Rather than maintain a delta on cheetah, we should promote python-markdown to main.
Security: Unable to find any CVE issues for python-markdown (python-markdown2 is a different story)
Quality Assurance: No Ubuntu delta, no Debian or Ubuntu bugs; package actively maintained in Debian and upstream. Upstream ships a test suite that is enabled during package build.
Dependencies: All in main except python-tidylib (LP: #1187185)
description: updated
Changed in python-markdown (Ubuntu):
assignee: Ubuntu Security Team (ubuntu-security) → Seth Arnold (seth-arnold)
This looks fine from a packaging / maintainability standpoint. But since it is a parser, and markdown2 has security problems, I figure a quick security audit would be in order. Passing to security team.