SECURITY: Fedora 34 Update: pandoc-2.9.2.1-10.fc34
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-1f981071eb
2022-04-02 01:56:09.411895
--------------------------------------------------------------------------------
Name : pandoc
Product : Fedora 34
Version : 2.9.2.1
Release : 10.fc34
URL : https://hackage.haskell.org/package/pandoc
Summary : Conversion between markup formats
Description :
Pandoc is a Haskell library for converting from one markup format to another,
and a command-line tool that uses this library. It can read several dialects of
Markdown and (subsets of) HTML, reStructuredText, LaTeX, DocBook, JATS,
MediaWiki markup, DokuWiki markup, TWiki markup, TikiWiki markup, Jira markup,
Creole 1.0, Haddock markup, OPML, Emacs Org-Mode, Emacs Muse, txt2tags, ipynb
(Jupyter notebooks), Vimwiki, Word Docx, ODT, EPUB, FictionBook2, roff man,
Textile, and CSV, and it can write Markdown, reStructuredText, XHTML, HTML 5,
LaTeX, ConTeXt, DocBook, JATS, OPML, TEI, OpenDocument, ODT, Word docx,
PowerPoint pptx, RTF, MediaWiki, DokuWiki, XWiki, ZimWiki, Textile, Jira, roff
man, roff ms, plain text, Emacs Org-Mode, AsciiDoc, Haddock markup, EPUB (v2
and v3), ipynb, FictionBook2, InDesign ICML, Muse, LaTeX beamer slides, and
several kinds of HTML/JavaScript slide shows (S5, Slidy, Slideous, DZSlides,
reveal.js).
In contrast to most existing tools for converting Markdown to HTML, pandoc has
a modular design: it consists of a set of readers, which parse text in a given
format and produce a native representation of the document, and a set of
writers, which convert this native representation into a target format.
Thus, adding an input or output format requires only adding a reader or writer.
For pdf output please also install pandoc-pdf or weasyprint.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2022-24724 - https://github.com/github/cmark-
gfm/security/advisories/GHSA-mc3g-88wq-6f4x - fixed upstream in Haskell cmark-
gfm-0.2.3 in bundled cmark-gfm-0.29.0.gfm.3 C library - pandoc-citeproc: update
HsYAML-aeson to 0.2.0.1
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 24 2022 Jens Petersen - 2.9.2.1-10
- require cmark-gfm-0.2.3 for CVE-2022-24724 (#2060663)
https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2060662 - CVE-2022-24724 cmark-gfm: possible RCE due to integer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=2060662
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-1f981071eb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
A pandoc security update has been released for Fedora 34.
