Re: Fwd: Unresponsive maintainer: petersen / Pandoc package not updated since June 2023: Security vulnerability, CVE-2023-35936 (medium)

Thanks! :)

On 09/02/2024 13.18, Luna Jernberg wrote:
CCed his work email in case he looks there

---------- Forwarded message ---------
From: Christopher Klooz <py0xc3@xxxxxxxxxx>
Date: Fri, 9 Feb 2024 at 13:05
Subject: Unresponsive maintainer: petersen / Pandoc package not updated
since June 2023: Security vulnerability, CVE-2023-35936 (medium)
To: Development discussions related to Fedora <devel@xxxxxxxxxxxxxxxxxxxxxxx>

I cannot reach the maintainer petersen (see mail below): The package
"pandoc" remains at 3.1.3 in Fedora, but pandoc is already at 3.1.11.1.
Among the updates since 3.1.3, there have been two security-critical ones
(including the medium CVE-2023-35936; the security fixes are in 3.1.4 and 3.1.6).

The actual risk is limited, but these should be updated nevertheless.

Does anyone know how to reach him by other means?

Regards,
Chris


-------- Forwarded Message --------
Subject: Fedora package "pandoc" outdated and contains security
vulnerability
Date: Thu, 1 Feb 2024 15:55:09 +0100
From: py0xc3@xxxxxxxxxx
To: petersen@xxxxxxxxxxxxxxxxx

Hi petersen,

I am reaching out because of the package "pandoc", which you maintain.

I have seen that the package is still at version 3.1.3 [1] when I tried to
install it with dnf, whereas the current version is 3.1.11.1 [2]: is this
intended or an accident?

It has to be noted that the updates that have been added in the meantime
contain fixes for security vulnerabilities (at least CVE-2023-35936; I have
just roughly skimmed the changelogs). So at the moment, it seems the Fedora
build can be exploited by attackers in some circumstances [3] [4] because
it is still at 3.1.3.

Regards & thanks for maintaining,

Chris

[1] https://koji.fedoraproject.org/koji/packageinfo?packageID=11560

[2] https://hackage.haskell.org/package/pandoc &
https://github.com/jgm/pandoc

[3] https://github.com/jgm/pandoc/releases?page=1

[4] https://github.com/jgm/pandoc/releases?page=2

--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue

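The check behind this thread is a version comparison: is the shipped pandoc (3.1.3) older than the releases that carry the security fixes (3.1.4 and 3.1.6)? The following is an added example, not code from the thread, from Fedora, or from the pandoc project. The version strings are the ones named in the mail; the `rpm -q --qf '%{VERSION}' pandoc` query is an assumption about how one would read the installed version on a Fedora host, and the script works offline without it. The point it demonstrates is that dotted versions must be compared numerically, since plain string comparison would rank the fixed upstream 3.1.11.1 below 3.1.4.

```python
"""Check whether a pandoc version predates the fix releases named in the thread.

Added example, not part of the mailing-list thread, Fedora, or pandoc.
Version strings come from the mail; the rpm query is an assumption about
how the installed version would be obtained on Fedora.
"""
from __future__ import annotations

import re
import subprocess
from typing import Optional

# Versions named in the thread (constructed inputs for this example):
# Fedora ships 3.1.3, upstream is at 3.1.11.1, fixes landed in 3.1.4 and 3.1.6.
FEDORA_VERSION = "3.1.3"
UPSTREAM_VERSION = "3.1.11.1"
FIXED_IN = ("3.1.4", "3.1.6")


def parse_version(text: str) -> tuple[int, ...]:
    """Turn a dotted version string into a tuple of ints.

    Comparing raw strings is wrong: "3.1.11.1" < "3.1.4" lexicographically,
    which would flag the fixed upstream release as still vulnerable.
    """
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"no numeric components in version {text!r}")
    return tuple(int(p) for p in parts)


def cmp_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 like a classic comparator, treating 3.1 as 3.1.0."""
    ta, tb = parse_version(a), parse_version(b)
    width = max(len(ta), len(tb))
    ta += (0,) * (width - len(ta))
    tb += (0,) * (width - len(tb))
    return (ta > tb) - (ta < tb)


def missing_fixes(installed: str, fixed_in: tuple[str, ...] = FIXED_IN) -> list[str]:
    """Return the fix releases that the given version does not yet contain."""
    return [fix for fix in fixed_in if cmp_versions(installed, fix) < 0]


def installed_pandoc_version() -> Optional[str]:
    """Read the installed pandoc version via rpm (assumed query); None if unavailable."""
    try:
        proc = subprocess.run(
            ["rpm", "-q", "--qf", "%{VERSION}", "pandoc"],
            capture_output=True, text=True, check=False,
        )
    except FileNotFoundError:
        return None  # not an rpm-based system
    if proc.returncode != 0:
        return None  # package not installed
    return proc.stdout.strip()


if __name__ == "__main__":
    for version in (FEDORA_VERSION, UPSTREAM_VERSION):
        print(f"{version}: missing fixes {missing_fixes(version) or 'none'}")
    live = installed_pandoc_version()
    if live is not None:
        print(f"installed {live}: missing fixes {missing_fixes(live) or 'none'}")
```

Running it on a host with the Fedora build reports that 3.1.3 lacks both fix releases, while 3.1.11.1 lacks none; the `rpm` lookup is skipped silently where rpm or the package is absent.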