Login
Newsletter
Werbung

Sicherheit: Denial of Service in pandoc
Aktuelle Meldungen Distributionen
Name: Denial of Service in pandoc
ID: FEDORA-2020-fe299b3fa3
Distribution: Fedora
Plattformen: Fedora 31
Datum: Di, 6. Oktober 2020, 22:38
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5238
Applikationen: pandoc

Originalnachricht

-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2020-fe299b3fa3
2020-10-06 15:06:57.555099
-------------------------------------------------------------------------------
-

Name : pandoc
Product : Fedora 31
Version : 2.5
Release : 2.fc31
URL : https://hackage.haskell.org/package/pandoc
Summary : Conversion between markup formats
Description :
Pandoc is a Haskell library for converting from one markup format to another,
and a command-line tool that uses this library. It can read several dialects of
Markdown and (subsets of) HTML, reStructuredText, LaTeX, DocBook, JATS,
MediaWiki markup, TWiki markup, TikiWiki markup, Creole 1.0, Haddock markup,
OPML, Emacs Org-Mode, Emacs Muse, txt2tags, Vimwiki, Word Docx, ODT, EPUB,
FictionBook2, roff man, and Textile, and it can write Markdown,
reStructuredText, XHTML, HTML 5, LaTeX, ConTeXt, DocBook, JATS, OPML, TEI,
OpenDocument, ODT, Word docx, PowerPoint pptx, RTF, MediaWiki, DokuWiki,
ZimWiki, Textile, roff man, roff ms, plain text, Emacs Org-Mode, AsciiDoc,
Haddock markup, EPUB (v2 and v3), FictionBook2, InDesign ICML, Muse, LaTeX
beamer slides, and several kinds of HTML/JavaScript slide shows (S5, Slidy,
Slideous, DZSlides, reveal.js).

In contrast to most existing tools for converting Markdown to HTML, pandoc has
a modular design: it consists of a set of readers, which parse text in a given
format and produce a native representation of the document, and a set of
writers, which convert this native representation into a target format.
Thus, adding an input or output format requires only adding a reader or writer.

For pdf output please also install pandoc-pdf or weasyprint.

-------------------------------------------------------------------------------
-
Update Information:

Security fix for CVE-2020-5238 - ghc-cmark-gfm updated to 0.2.2 which rebases
the bundled cmark-gfm to 0.29.0.gfm.1 https://github.com/github/cmark-
gfm/security/advisories/GHSA-7gc6-9qr5-hc85
-------------------------------------------------------------------------------
-
ChangeLog:

* Mon Sep 21 2020 Jens Petersen <petersen@redhat.com> - 2.5-2
- rebuild for cmark-gfm-0.2.2: fixes exponential parse (#1854329)
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1854328 - CVE-2020-5238 cmark: Exponential time to parse certain
inputs could lead to DoS.
https://bugzilla.redhat.com/show_bug.cgi?id=1854328
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-fe299b3fa3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung