Re: Unresponsive maintainer: petersen / Pandoc package not updated since June 2023: Security vulnerability, CVE-2023-35936 (medium)

2024-03-29 Thread Michel Lind
Hi Jens, Apologies for resurrecting and older thread here On Thu, Feb 22, 2024 at 02:06:22PM +0800, Jens-Ulrik Petersen wrote: > (Not sure if it makes sense to post to Discourse: Haskell library reviews > are still a little bit "esoteric" since ghc uses some non-standard linking > (ie various

Re: Unresponsive maintainer: petersen / Pandoc package not updated since June 2023: Security vulnerability, CVE-2023-35936 (medium)

2024-03-01 Thread Leon Fauster via devel
Am 01.03.24 um 07:55 schrieb Jens-Ulrik Petersen: On Fri, Feb 9, 2024 at 8:05 PM Christopher Klooz > wrote: __ The package "pandoc" remains at 3.1.3 in Fedora, but pandoc is already at 3.1.11.1. Among the updates since 3.1.3, there have been two

Re: Unresponsive maintainer: petersen / Pandoc package not updated since June 2023: Security vulnerability, CVE-2023-35936 (medium)

2024-02-29 Thread Jens-Ulrik Petersen
On Fri, Feb 9, 2024 at 8:05 PM Christopher Klooz wrote: > The package "pandoc" remains at 3.1.3 in Fedora, but pandoc is already at > 3.1.11.1. Among the updates since 3.1.3, there have been two > security-critical (including the medium CVE-2023-35936. Security fixes are > in 3.1.4 & 3.1.6). > >

Re: Unresponsive maintainer: petersen / Pandoc package not updated since June 2023: Security vulnerability, CVE-2023-35936 (medium)

2024-02-22 Thread Zbigniew Jędrzejewski-Szmek
On Thu, Feb 22, 2024 at 02:06:22PM +0800, Jens-Ulrik Petersen wrote: > I realised a second open package review is > https://bugzilla.redhat.com/show_bug.cgi?id=2068718 (isocline) > - it's a newer dep for pandoc (actually hslua-repl). Done. zbyszek --

Re: Unresponsive maintainer: petersen / Pandoc package not updated since June 2023: Security vulnerability, CVE-2023-35936 (medium)

2024-02-21 Thread Jens-Ulrik Petersen
On Sat, Feb 17, 2024 at 11:17 AM Michel Lind wrote: > On Thu, Feb 15, 2024 at 07:53:38PM +, Christopher Klooz wrote: > > On 14/02/2024 17.35, Michel Lind wrote: > > > As a pandoc user, I'm happy to help with any reviews. Is there a list > > > where this tends to get posted, apart from devel?

Re: Unresponsive maintainer: petersen / Pandoc package not updated since June 2023: Security vulnerability, CVE-2023-35936 (medium)

2024-02-16 Thread Michel Lind
On Thu, Feb 15, 2024 at 07:53:38PM +, Christopher Klooz wrote: > On 14/02/2024 17.35, Michel Lind wrote: > > As a pandoc user, I'm happy to help with any reviews. Is there a list > > where this tends to get posted, apart from devel? > > > > Thanks, > > > > Michel > > Once the package needs

Re: Unresponsive maintainer: petersen / Pandoc package not updated since June 2023: Security vulnerability, CVE-2023-35936 (medium)

2024-02-15 Thread Jens-Ulrik Petersen
Thanks for the support. I will start to post more review requests, maybe post them on discourse too... Currently there is https://bugzilla.redhat.com/show_bug.cgi?id=2163472 (base64) which I opened 1 year ago. Jens On Fri, Feb 16, 2024 at 3:54 AM Christopher Klooz wrote: > On 14/02/2024

Re: Unresponsive maintainer: petersen / Pandoc package not updated since June 2023: Security vulnerability, CVE-2023-35936 (medium)

2024-02-15 Thread Christopher Klooz
On 14/02/2024 17.35, Michel Lind wrote: As a pandoc user, I'm happy to help with any reviews. Is there a list where this tends to get posted, apart from devel? Thanks, Michel Once the package needs a review, the request should be found here: http://fedoraproject.org/PackageReviewStatus/

Re: Unresponsive maintainer: petersen / Pandoc package not updated since June 2023: Security vulnerability, CVE-2023-35936 (medium)

2024-02-14 Thread Michel Lind
As a pandoc user, I'm happy to help with any reviews. Is there a list where this tends to get posted, apart from devel? Thanks, Michel On Fri, Feb 09, 2024 at 11:26:33PM +0800, Jens-Ulrik Petersen wrote: > I should also have added there's an increasing amount of technical debt > with the pandoc

Re: Unresponsive maintainer: petersen / Pandoc package not updated since June 2023: Security vulnerability, CVE-2023-35936 (medium)

2024-02-14 Thread Richard W.M. Jones
Re: pandoc, we managed to build it on RISC-V thanks to the changes you merged in ghc: $ uname -a Linux vf2.home.annexia.org 5.15.0-starfive #1 SMP Sun Jun 11 07:48:39 UTC 2023 riscv64 GNU/Linux $ rpm -q pandoc pandoc-3.1.3-27.fc41.riscv64 $ pandoc --version pandoc 3.1.3 Features:

Re: Unresponsive maintainer: petersen / Pandoc package not updated since June 2023: Security vulnerability, CVE-2023-35936 (medium)

2024-02-10 Thread Christopher Klooz
On 09/02/2024 16.26, Jens-Ulrik Petersen wrote: I should also have added there's an increasing amount of technical debt with the pandoc packaging - I guess I need to beg people to help with package reviews: also reminded of our packaging (review) streamlining discussion from Flock last year.

Re: Unresponsive maintainer: petersen / Pandoc package not updated since June 2023: Security vulnerability, CVE-2023-35936 (medium)

2024-02-10 Thread Christopher Klooz
Hi Jens, Thanks for the information. Unfortunately, I didn't see the bugzilla ticket. On 09/02/2024 16.23, Jens-Ulrik Petersen wrote: Hello I am here - thanks for contacting me. I was hoping to cover this as part of my F40 Change, but unfortunately I haven't gotten to it, so the Change is now

Re: Unresponsive maintainer: petersen / Pandoc package not updated since June 2023: Security vulnerability, CVE-2023-35936 (medium)

2024-02-09 Thread Jens-Ulrik Petersen
I should also have added there's an increasing amount of technical debt with the pandoc packaging - I guess I need to beg people to help with package reviews: also reminded of our packaging (review) streamlining discussion from Flock last year. Jens On Fri, 9 Feb 2024, 23:23 Jens-Ulrik Petersen,

Re: Unresponsive maintainer: petersen / Pandoc package not updated since June 2023: Security vulnerability, CVE-2023-35936 (medium)

2024-02-09 Thread Jens-Ulrik Petersen
Hello I am here - thanks for contacting me. I was hoping to cover this as part of my F40 Change, but unfortunately I haven't gotten to it, so the Change is now at risk of being deferred to F41. Nevertheless I will see what I can do about this for F40: maybe a backport can also be done for F39.

Re: Fwd: Unresponsive maintainer: petersen / Pandoc package not updated since June 2023: Security vulnerability, CVE-2023-35936 (medium)

2024-02-09 Thread Christopher Klooz
Thanks! :) On 09/02/2024 13.18, Luna Jernberg wrote: CCed his work email in case he looks there -- Forwarded message - Från: Christopher Klooz Date: fre 9 feb. 2024 kl 13:05 Subject: Unresponsive maintainer: petersen / Pandoc package not updated since June 2023: Security

Fwd: Unresponsive maintainer: petersen / Pandoc package not updated since June 2023: Security vulnerability, CVE-2023-35936 (medium)

2024-02-09 Thread Luna Jernberg
CCed his work email in case he looks there -- Forwarded message - Från: Christopher Klooz Date: fre 9 feb. 2024 kl 13:05 Subject: Unresponsive maintainer: petersen / Pandoc package not updated since June 2023: Security vulnerability, CVE-2023-35936 (medium) To: Development

Unresponsive maintainer: petersen / Pandoc package not updated since June 2023: Security vulnerability, CVE-2023-35936 (medium)

2024-02-09 Thread Christopher Klooz
I cannot reach the maintainer petersen (see mail below): The package "pandoc" remains at 3.1.3 in Fedora, but pandoc is already at 3.1.11.1. Among the updates since 3.1.3, there have been two security-critical (including the medium CVE-2023-35936. Security fixes are in 3.1.4 & 3.1.6). The