Re: Unresponsive maintainer: petersen / Pandoc package not updated since June 2023: Security vulnerability, CVE-2023-35936 (medium)

Leon Fauster via devel Fri, 01 Mar 2024 03:20:05 -0800

Am 01.03.24 um 07:55 schrieb Jens-Ulrik Petersen:

On Fri, Feb 9, 2024 at 8:05 PM Christopher Klooz <py0...@posteo.net<mailto:py0...@posteo.net>> wrote:
    __

    The package "pandoc" remains at 3.1.3 in Fedora, but pandoc is
    already at 3.1.11.1. Among the updates since 3.1.3, there have been
    two security-critical (including the medium CVE-2023-35936. Security
    fixes are in 3.1.4 & 3.1.6).

    The actual risk is limited, but these should be updated nevertheless.
Just noting here for the record too, that those pandoc CVEs are nowfixed with backports in Rawhide, and I will gradually push them back tocurrent releases in the near future.


Is EPEL9 also included? That would be great!

--
Thanks
Leon






--
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Unresponsive maintainer: petersen / Pandoc package not updated since June 2023: Security vulnerability, CVE-2023-35936 (medium)

Reply via email to