|
|
Subscribe / Log in / New account

Red Hat alert RHSA-2025:8427-01 (pandoc)

An update for pandoc is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Pandoc is a Haskell library for converting from one markup format to another,
and a command-line tool that uses this library. It can read several dialects
of Markdown and (subsets of) HTML, reStructuredText, LaTeX, DocBook, JATS,
MediaWiki markup, TWiki markup, TikiWiki markup, Creole 1.0, Haddock markup,
OPML, Emacs Org-Mode, Emacs Muse, txt2tags, Vimwiki, Word Docx, ODT, and
Textile, and it can write Markdown, reStructuredText, XHTML, HTML 5, LaTeX,
ConTeXt, DocBook, JATS, OPML, TEI, OpenDocument, ODT, Word docx, RTF,
MediaWiki, DokuWiki, ZimWiki, Textile, groff man, groff ms, plain text, Emacs
Org-Mode, AsciiDoc, Haddock markup, EPUB (v2 and v3), FictionBook2, InDesign
ICML, Muse, LaTeX beamer slides, PowerPoint, and several kinds of
HTML/JavaScript slide shows (S5, Slidy, Slideous, DZSlides, reveal.js).  In
contrast to most existing tools for converting Markdown to HTML, pandoc has a
modular design: it consists of a set of readers, which parse text in a given
format and produce a native representation of the document, and a set of
writers, which convert this native representation into a target format. Thus,
adding an input or output format requires only adding a reader or writer.
For pdf output please also install pandoc-pdf.

Security Fix(es):

* cmark-gfm: Quadratic complexity bugs may lead to a denial of service
(CVE-2023-24824)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0
International License (https://creativecommons.org/licenses/by/4.0/). If you
distribute this content, or a modified version of it, you must provide
attribution to Red Hat Inc. and provide a link to the original.


Original: https://access.redhat.com/security/data/csaf/v2/advisories/2025/rhsa-2025_8427.json
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds