-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-7d83cbccb6 2024-03-29 00:16:07.816517 -------------------------------------------------------------------------------- Name : pandoc Product : Fedora 40 Version : 3.1.3 Release : 29.fc40 URL : https://hackage.haskell.org/package/pandoc Summary : Conversion between markup formats Description : Pandoc is a Haskell library for converting from one markup format to another. The formats it can handle include - light markup formats (many variants of Markdown, reStructuredText, AsciiDoc, Org-mode, Muse, Textile, txt2tags) - HTML formats (HTML 4 and 5) - Ebook formats (EPUB v2 and v3, FB2) - Documentation formats (GNU TexInfo, Haddock) - Roff formats (man, ms) - TeX formats (LaTeX, ConTeXt) - Typst - XML formats (DocBook 4 and 5, JATS, TEI Simple, OpenDocument) - Outline formats (OPML) - Bibliography formats (BibTeX, BibLaTeX, CSL JSON, CSL YAML, RIS) - Word processor formats (Docx, RTF, ODT) - Interactive notebook formats (Jupyter notebook ipynb) - Page layout formats (InDesign ICML) - Wiki markup formats (MediaWiki, DokuWiki, TikiWiki, TWiki, Vimwiki, XWiki, ZimWiki, Jira wiki, Creole) - Slide show formats (LaTeX Beamer, PowerPoint, Slidy, reveal.js, Slideous, S5, DZSlides) - Data formats (CSV and TSV tables) - PDF (via external programs such as pdflatex or wkhtmltopdf) Pandoc can convert mathematical content in documents between TeX, MathML, Word equations, roff eqn, typst, and plain text. It includes a powerful system for automatic citations and bibliographies, and it can be customized extensively using templates, filters, and custom readers and writers written in Lua. For the pandoc command-line program, see the 'pandoc-cli' package. For pdf output please also install pandoc-pdf or weasyprint. -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2023-35936 and CVE-2023-38745 pandoc: backport fixes for CVE-2023-35936 and CVE-2023-38745 pandoc-cli: new package for pandoc binary patat: update to 0.11.0.0 and enable tests base64, isocline, toml-parser: now packaged in Fedora -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 5 2024 Jens Petersen <petersen@xxxxxxxxxx> - 3.1.3-29 - toml-parser is now packaged in Fedora * Tue Feb 27 2024 Jens Petersen <petersen@xxxxxxxxxx> - 3.1.3-28 - pandoc-cli is now packaged in Fedora - move hslua subpackages to pandoc-cli - backport fixes for CVE-2023-35936 and CVE-2023-38745 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2220871 - CVE-2023-35936 pandoc: allows attacker to create or overwrite arbitrary files on the system https://bugzilla.redhat.com/show_bug.cgi?id=2220871 [ 2 ] Bug #2225379 - CVE-2023-38745 pandoc: allows attacker to create or overwrite arbitrary files on the system (incomplete fix in upstream for CVE-2023-35936) https://bugzilla.redhat.com/show_bug.cgi?id=2225379 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-7d83cbccb6' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- package-announce@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue