Fedora 38 Gitit Update: FEDORA-2024-6ad6b9f417 Critical File Overwrite Fix

fedora

March 31, 2024

Security fix for CVE-2023-35936 and CVE-2023-38745 pandoc: backport fixes for CVE-2023-35936 and CVE-2023-38745 base64 now packaged in Fedora

Summary

Gitit is a wiki backed by a git, darcs, or mercurial filestore. Pages and

uploaded files can be modified either directly via the VCS's command-line tools

or through the wiki's web interface. Pandoc is used for markup processing, so

pages may be written in (extended) markdown, reStructuredText, LaTeX, HTML, or

literate Haskell.

Notable features include

* plugins: dynamically loaded page transformations written in Haskell (see

"Network.Gitit.Interface")

* conversion of TeX math to MathML for display in web browsers

* syntax highlighting of source code files and code snippets

* Atom feeds (site-wide and per-page)

* a library, "Network.Gitit", that makes it simple to include a gitit wiki in

any happstack application

You can see a running demo at .

For usage information: 'gitit --help'.

Update Information:

Security fix for CVE-2023-35936 and CVE-2023-38745 pandoc: backport fixes for CVE-2023-35936 and CVE-2023-38745 base64 now packaged in Fedora

Topics Covered

security advisory software update Fedora file overwrite critical fix pandoc gitit

Change Log

* Thu Sep 28 2023 Jens Petersen - 0.15.1.1-3 - minor doc file related packaging tweaks * Sun Aug 6 2023 Jens Petersen - 0.15.1.1-2 - fixup the SPDX license tagging with AND/OR * Mon Jul 24 2023 Jens Petersen - 0.15.1.1-1 - https://hackage.haskell.org/package/gitit-0.15.1.1/changelog * Wed Jul 19 2023 Fedora Release Engineering - 0.15.1.0-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

References

[ 1 ] Bug #2163472 - Review Request: ghc-base64 - A modern RFC 4648-compliant Base64 library https://bugzilla.redhat.com/show_bug.cgi?id=2163472 [ 2 ] Bug #2220873 - TRIAGE pandoc: TRIAGE_CVE-2023-35936 pandoc: allows attacker to create or overwrite arbitrary files on the system [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2220873 [ 3 ] Bug #2227034 - CVE-2023-38745 pandoc: allows attacker to create or overwrite arbitrary files on the system [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2227034

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-6ad6b9f417' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity

critical

Lowest

Low

Medium

High

Critical

Name: gitit

Product: Fedora 38

Version: 0.15.1.1

Release: 3.fc38

URL: https://hackage.haskell.org/package/gitit

Summary: Wiki using happstack, git or darcs, and pandoc

Topics Covered

security advisory software update Fedora file overwrite critical fix pandoc gitit

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks