pandoc-2.0.6-6.el8

Pandoc is a markdown/markup conversion tool. The version of pandoc in RHEL 8 CRB
uses cmark-gfm (GitHub's extended version of the C reference implementation of
CommonMark) for parts of its conversion. The update, fixes CVE-2022-24724: an
integer overflow in cmark-gfm's table row parsing which may lead to heap memory
corruption when parsing tables with more than UINT16_MAX columns.

Security Fix(es):

* cmark-gfm: possible RCE due to integer overflow (CVE-2022-24724)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2022-24724
cmark-gfm is GitHub's extended version of the C reference implementation of
CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer
overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to
heap memory corruption when parsing tables who's marker rows contain more than
UINT16_MAX columns. The impact of this heap corruption ranges from Information
Leak to Arbitrary Code Execution depending on how and where `cmark-gfm` is used.
If `cmark-gfm` is used for rendering remote user controlled markdown, this
vulnerability may lead to Remote Code Execution (RCE) in applications employing
affected versions of the `cmark-gfm` library. This vulnerability has been
patched in the following cmark-gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. A
workaround is available. The vulnerability exists in the table markdown
extensions of cmark-gfm. Disabling the table extension will prevent this
vulnerability from being triggered.