Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
f9153e86bbb0b0b5a6722dded757b43c59f3e057.patch | [PATCH] Update tests for skylighting-format-blaze-html change. | John MacFarlane <jgm@berkeley.edu> | no | 2023-08-27 | ||
undo-xml-light-internal-library | no | |||||
020230620~5e381e3.patch | fix a security vulnerability in MediaBag and T.P.Class.IO.writeMedia This vulnerability, discovered by Entroy C, allows users to write arbitrary files to any location by feeding pandoc a specially crafted URL in an image element. The vulnerability is serious for anyone using pandoc to process untrusted input. The vulnerability does not affect pandoc when run with the `--sandbox` flag. |
John MacFarlane <jgm@berkeley.edu> | yes | debian upstream | upstream, https://github.com/jgm/pandoc/commit/5e381e3 | 2023-07-25 |
020230623.1~54561e9.patch | fix bug in git commit 5e381e3 In the new code a comma mysteriously turned into a period. This would have prevented proper separation of the mime type and content in data uris. Thanks to @hseg for catching this. |
John MacFarlane <jgm@berkeley.edu> | yes | debian upstream | upstream, https://github.com/jgm/pandoc/commit/54561e9 | 2023-07-25 |
020230623.2~df4f13b.patch | more fixes to git commit 5e381e3 These changes recognize that parseURI does not unescape the path. . Another change is that the canonical form of the path used as the MediaBag key retains percent-encoding, if present; we only unescape the string when writing to a file. . Some tests are needed before the issue can be closed. |
John MacFarlane <jgm@berkeley.edu> | yes | debian upstream | upstream, https://github.com/jgm/pandoc/commit/df4f13b | 2023-07-25 |
020230623.3~fe62da6.patch | add tests for fillMediaBag/extractMedia | John MacFarlane <jgm@berkeley.edu> | yes | debian upstream | upstream, https://github.com/jgm/pandoc/commit/fe62da6 | 2023-07-25 |
020230623.4~5246f02.patch | improve tests for fillMediaBag/extractMedia Ensure that the current directory is not changed up if a test fails, and fix messages for the assertion failures. |
John MacFarlane <jgm@berkeley.edu> | yes | debian upstream | upstream, https://github.com/jgm/pandoc/commit/5246f02 | 2023-07-25 |
020230720~eddedbf.patch | ix new variant of the vulnerability in CVE-2023-35936 Guilhem Moulin noticed that the fix to CVE-2023-35936 was incomplete. An attacker could get around it by double-encoding the malicious extension to create or override arbitrary files. . $ echo '![](data://image/png;base64,cHJpbnQgImhlbGxvIgo=;.lua+%252f%252e%252e%252f%252e%252e%252fb%252elua)' >b.md $ .cabal/bin/pandoc b.md --extract-media=bar <p><img src="bar/2a0eaa89f43fada3e6c577beea4f2f8f53ab6a1d.lua+%2f%2e%2e%2f%2e%2e%2fb%2elua" /></p> $ cat b.lua print "hello" $ find bar bar/ bar/2a0eaa89f43fada3e6c577beea4f2f8f53ab6a1d.lua+ . This commit adds a test case for this more complex attack and fixes the vulnerability. (The fix is quite simple: if the URL-unescaped filename or extension contains a '%', we just use the sha1 hash of the contents as the canonical name, just as we do if the filename contains '..'.) |
John MacFarlane <jgm@berkeley.edu> | yes | debian upstream | upstream, https://github.com/jgm/pandoc/commit/eddedbf | 2023-07-25 |
8b523749aebb67f709fe7348b412f3e5e629ceb4.patch | [PATCH] Revert "Use base64 instead of base64-bytestring." This reverts commit 6625e9655ed2bb0c4bd4dd91b5959a103deab1cb. base64 is currently buggy on 32-bit systems. Closes #9233. |
John MacFarlane <jgm@berkeley.edu> | no | 2023-12-06 | ||
2001_templates_avoid_privacy_breach.patch | Avoid potential privacy breaches in templates | Jonas Smedegaard <dr@jones.dk> | no | 2018-06-12 | ||
2002_program_package_hint.patch | Improve error message when pdf program is missing | Jonas Smedegaard <dr@jones.dk> | no | 2018-09-01 |