Control: tags -1 confirmed On Tue, 2023-07-25 at 23:39 +0200, Guilhem Moulin wrote: > pandoc 2.9.2.1-1 is vulnerable to CVE-2023-35936: Arbitrary file > write > vulnerability via specially crafted image element in the input when > generating > files using the `--extract-media` option or outputting to PDF format. > > The Security Team decided not to issue a DSA for that CVE, but it's > now fixed in > buster-security (2.2.1-3+deb10u1) as well as sid (2.17.1.1-2), so it > makes sense > to fix it via (o)s-pu too. >
Please go ahead; sorry for the delay. Regards, Adam