Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
020220218~2a70d9c.patch | Require skylighting 0.12.3. | John MacFarlane <jgm@berkeley.edu> | invalid | | upstream, https://github.com/jgm/pandoc/commit/2a70d9c | 2022-08-13 |
020220531~9aff861.patch | Require skylighting 0.12.3.1 and update tests. | John MacFarlane <jgm@berkeley.edu> | yes | upstream | upstream, https://github.com/jgm/pandoc/commit/9aff861 | 2022-08-13 |
020230620~5e381e3.patch | fix a security vulnerability in MediaBag and T.P.Class.IO.writeMedia. This vulnerability, discovered by Entroy C, allows users to write arbitrary files to any location by feeding pandoc a specially crafted URL in an image element. The vulnerability is serious for anyone using pandoc to process untrusted input. The vulnerability does not affect pandoc when run with the `--sandbox` flag. | John MacFarlane <jgm@berkeley.edu> | yes | debian upstream | upstream, https://github.com/jgm/pandoc/commit/5e381e3 | 2023-07-25 |
020230623.1~54561e9.patch | fix bug in git commit 5e381e3. In the new code a comma mysteriously turned into a period. This would have prevented proper separation of the mime type and content in data uris. Thanks to @hseg for catching this. | John MacFarlane <jgm@berkeley.edu> | yes | debian upstream | upstream, https://github.com/jgm/pandoc/commit/54561e9 | 2023-07-25 |
020230623.2~df4f13b.patch | more fixes to git commit 5e381e3. These changes recognize that parseURI does not unescape the path. Another change is that the canonical form of the path used as the MediaBag key retains percent-encoding, if present; we only unescape the string when writing to a file. Some tests are needed before the issue can be closed. | John MacFarlane <jgm@berkeley.edu> | yes | debian upstream | upstream, https://github.com/jgm/pandoc/commit/df4f13b | 2023-07-25 |
020230623.3~fe62da6.patch | add tests for fillMediaBag/extractMedia | John MacFarlane <jgm@berkeley.edu> | yes | debian upstream | upstream, https://github.com/jgm/pandoc/commit/fe62da6 | 2023-07-25 |
020230623.4~5246f02.patch | improve tests for fillMediaBag/extractMedia. Ensure that the current directory is not changed up if a test fails, and fix messages for the assertion failures. | John MacFarlane <jgm@berkeley.edu> | yes | debian upstream | upstream, https://github.com/jgm/pandoc/commit/5246f02 | 2023-07-25 |
020230720~eddedbf.patch | fix new variant of the vulnerability in CVE-2023-35936. Guilhem Moulin noticed that the fix to CVE-2023-35936 was incomplete. An attacker could get around it by double-encoding the malicious extension to create or override arbitrary files. `$ echo '![](data://image/png;base64,cHJpbnQgImhlbGxvIgo=;.lua+%252f%252e%252e%252f%252e%252e%252fb%252elua)' >b.md` `$ .cabal/bin/pandoc b.md --extract-media=bar` `<p><img src="bar/2a0eaa89f43fada3e6c577beea4f2f8f53ab6a1d.lua+%2f%2e%2e%2f%2e%2e%2fb%2elua" /></p>` `$ cat b.lua` `print "hello"` `$ find bar` `bar/` `bar/2a0eaa89f43fada3e6c577beea4f2f8f53ab6a1d.lua+` This commit adds a test case for this more complex attack and fixes the vulnerability. (The fix is quite simple: if the URL-unescaped filename or extension contains a '%', we just use the sha1 hash of the contents as the canonical name, just as we do if the filename contains '..'.) | John MacFarlane <jgm@berkeley.edu> | yes | debian upstream | upstream, https://github.com/jgm/pandoc/commit/eddedbf | 2023-07-25 |
2001_templates_avoid_privacy_breach.patch | Avoid potential privacy breaches in templates | Jonas Smedegaard <dr@jones.dk> | no | | | 2018-06-12 |
2002_program_package_hint.patch | Improve error message when pdf program is missing | Jonas Smedegaard <dr@jones.dk> | no | | | 2018-09-01 |