
Bug#1042057: bullseye-pu: package pandoc/2.9.2.1-1+deb11u1



Control: tags -1 confirmed

On Tue, 2023-07-25 at 23:39 +0200, Guilhem Moulin wrote:
> pandoc 2.9.2.1-1 is vulnerable to CVE-2023-35936: Arbitrary file write
> vulnerability via specially crafted image element in the input when
> generating files using the `--extract-media` option or outputting to PDF
> format.
>
> The Security Team decided not to issue a DSA for that CVE, but it's now
> fixed in buster-security (2.2.1-3+deb10u1) as well as sid (2.17.1.1-2), so
> it makes sense to fix it via (o)s-pu too.
> 

Please go ahead; sorry for the delay.

Regards,

Adam

