Fedora Linux 8782 Published by

A pandoc security update has been released for Fedora 31.



SECURITY: Fedora 31 Update: pandoc-2.5-2.fc31


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-fe299b3fa3
2020-10-06 15:06:57.555099
--------------------------------------------------------------------------------

Name : pandoc
Product : Fedora 31
Version : 2.5
Release : 2.fc31
URL :   https://hackage.haskell.org/package/pandoc
Summary : Conversion between markup formats
Description :
Pandoc is a Haskell library for converting from one markup format to another,
and a command-line tool that uses this library. It can read several dialects of
Markdown and (subsets of) HTML, reStructuredText, LaTeX, DocBook, JATS,
MediaWiki markup, TWiki markup, TikiWiki markup, Creole 1.0, Haddock markup,
OPML, Emacs Org-Mode, Emacs Muse, txt2tags, Vimwiki, Word Docx, ODT, EPUB,
FictionBook2, roff man, and Textile, and it can write Markdown,
reStructuredText, XHTML, HTML 5, LaTeX, ConTeXt, DocBook, JATS, OPML, TEI,
OpenDocument, ODT, Word docx, PowerPoint pptx, RTF, MediaWiki, DokuWiki,
ZimWiki, Textile, roff man, roff ms, plain text, Emacs Org-Mode, AsciiDoc,
Haddock markup, EPUB (v2 and v3), FictionBook2, InDesign ICML, Muse, LaTeX
beamer slides, and several kinds of HTML/JavaScript slide shows (S5, Slidy,
Slideous, DZSlides, reveal.js).

In contrast to most existing tools for converting Markdown to HTML, pandoc has
a modular design: it consists of a set of readers, which parse text in a given
format and produce a native representation of the document, and a set of
writers, which convert this native representation into a target format.
Thus, adding an input or output format requires only adding a reader or writer.

For pdf output please also install pandoc-pdf or weasyprint.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2020-5238 - ghc-cmark-gfm updated to 0.2.2 which rebases
the bundled cmark-gfm to 0.29.0.gfm.1   https://github.com/github/cmark-
gfm/security/advisories/GHSA-7gc6-9qr5-hc85
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 21 2020 Jens Petersen - 2.5-2
- rebuild for cmark-gfm-0.2.2: fixes exponential parse (#1854329)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1854328 - CVE-2020-5238 cmark: Exponential time to parse certain inputs could lead to DoS.
  https://bugzilla.redhat.com/show_bug.cgi?id=1854328
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-fe299b3fa3' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys