ALT-BU-2025-6121-2
Branch sisyphus update bulletin.
Package multipath-tools updated to version 0.11.1-alt3 for branch sisyphus in task 382792.
Closed bugs
multipath-tools 0.11.1-alt2 has a dependency on systemctl
Package admx-firefox updated to version 6.10-alt1 for branch sisyphus in task 382798.
Closed bugs
Group Policy for Mozilla - Firefox - Extensions: incorrect link to README in the Help section
Group Policy for Mozilla - Firefox - Extensions: missing information about supported versions
Closed vulnerabilities
BDU:2023-09093
Vulnerability in the RFC3164 parser of the Syslog-ng log processing utility, allowing an attacker to cause a denial of service
Modified: 2025-04-03
CVE-2022-38725
An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.
- https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-7932-4fc6-pvmc
- https://lists.balabit.hu/pipermail/syslog-ng/
- [debian-lts-announce] 20230228 [SECURITY] [DLA 3348-1] syslog-ng security update
- FEDORA-2023-43eb573065
- FEDORA-2023-3d44a41fa3
- GLSA-202305-09
- DSA-5369
Closed bugs
FTBFS on i586
Package pve-common updated to version 8.3.1-alt2 for branch sisyphus in task 382842.
Closed bugs
Warnings about use of an uninitialized variable when working with a PVE cluster
Package an-anime-game-launcher updated to version 3.13.1-alt2 for branch sisyphus in task 382840.
Closed bugs
missing dependencies
Closed vulnerabilities
BDU:2024-08375
Vulnerability in the Pandoc markup format conversion library for the Haskell programming language, allowing an attacker to create or overwrite arbitrary files on the system
BDU:2024-08409
Vulnerability in the Pandoc markup format conversion library for the Haskell programming language, allowing an attacker to create or overwrite arbitrary files on the system
Modified: 2025-02-13
CVE-2023-35936
Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafted image element in the input when generating files using the `--extract-media` option or outputting to PDF format. This vulnerability allows an attacker to create or overwrite arbitrary files on the system, depending on the privileges of the process running pandoc. It only affects systems that pass untrusted user input to pandoc and allow pandoc to be used to produce a PDF or with the `--extract-media` option. The fix is to unescape the percent-encoding prior to checking that the resource is not above the working directory, and prior to extracting the extension. Some code for checking that the path is below the working directory was flawed in a similar way and has also been fixed. Note that the `--sandbox` option, which only affects IO done by readers and writers themselves, does not block this vulnerability. The vulnerability is patched in pandoc 3.1.4. As a workaround, audit the pandoc command and disallow PDF output and the `--extract-media` option.
- https://github.com/jgm/pandoc/security/advisories/GHSA-xj5q-fv23-575g
- https://lists.debian.org/debian-lts-announce/2023/07/msg00029.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JGRJHU2FTSGTHHRTNDF7STEKLKKA25JN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYP3FKDS3KAYMQUZVVL73IUI4CWSKLKP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QI6RBP6ZKVC2OOCV6SU2FUHPMAXDDJFU/
Modified: 2024-11-21
CVE-2023-38745
Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF format. This allows an attacker to create or overwrite arbitrary files, depending on the privileges of the process running Pandoc. It only affects systems that pass untrusted user input to Pandoc and allow Pandoc to be used to produce a PDF or with the --extract-media option. NOTE: this issue exists because of an incomplete fix for CVE-2023-35936 (failure to properly account for double encoded path names).
- https://github.com/jgm/pandoc/commit/eddedbfc14916aa06fc01ff04b38aeb30ae2e625
- https://github.com/jgm/pandoc/compare/3.1.5...3.1.6
- [debian-lts-announce] 20230725 [SECURITY] [DLA 3507-1] pandoc security update
- FEDORA-2024-b458482d48
- FEDORA-2024-6ad6b9f417
- FEDORA-2024-7d83cbccb6
Closed bugs
[FR] citeproc
pandoc: too old