SECURITY: Fedora 32 Update: pandoc-2.7.3-4.fc32
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-1eaffe0013
2020-10-06 15:02:13.246044
--------------------------------------------------------------------------------
Name : pandoc
Product : Fedora 32
Version : 2.7.3
Release : 4.fc32
URL : https://hackage.haskell.org/package/pandoc
Summary : Conversion between markup formats
Description :
Pandoc is a Haskell library for converting from one markup format to another,
and a command-line tool that uses this library. It can read several dialects of
Markdown and (subsets of) HTML, reStructuredText, LaTeX, DocBook, JATS,
MediaWiki markup, DokuWiki markup, TWiki markup, TikiWiki markup, Creole 1.0,
Haddock markup, OPML, Emacs Org-Mode, Emacs Muse, txt2tags, ipynb (Jupyter
notebooks), Vimwiki, Word Docx, ODT, EPUB, FictionBook2, roff man, and Textile,
and it can write Markdown, reStructuredText, XHTML, HTML 5, LaTeX, ConTeXt,
DocBook, JATS, OPML, TEI, OpenDocument, ODT, Word docx, PowerPoint pptx, RTF,
MediaWiki, DokuWiki, XWiki, ZimWiki, Textile, Jira, roff man, roff ms, plain
text, Emacs Org-Mode, AsciiDoc, Haddock markup, EPUB (v2 and v3), ipynb,
FictionBook2, InDesign ICML, Muse, LaTeX beamer slides, and several kinds of
HTML/JavaScript slide shows (S5, Slidy, Slideous, DZSlides, reveal.js).
In contrast to most existing tools for converting Markdown to HTML, pandoc has
a modular design: it consists of a set of readers, which parse text in a given
format and produce a native representation of the document, and a set of
writers, which convert this native representation into a target format.
Thus, adding an input or output format requires only adding a reader or writer.
For pdf output please also install pandoc-pdf or weasyprint.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2020-5238 - ghc-cmark-gfm updated to 0.2.2 which rebases
the bundled cmark-gfm to 0.29.0.gfm.1 - also update hakyll to 4.13.4.0
https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 21 2020 Jens Petersen - 2.7.3-4
- rebuild for cmark-gfm-0.2.2: fixes exponential parse (#1854329)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1854328 - CVE-2020-5238 cmark: Exponential time to parse certain inputs could lead to DoS.
https://bugzilla.redhat.com/show_bug.cgi?id=1854328
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-1eaffe0013' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
A pandoc security update has been released for Fedora 32.