updates mistune to 2.0.4
m2r updated to pin dependency to mistune < 2
new package: python-mistune08 compatibility package, to be used by dependents that cannot use the new mistune (namely nbconvert)
new package: python-sphinx-typlog-theme, needed to build mistune 2.x documentation
Compatibility package for mistune 0.8, so we can update mistune to 2x without breaking unported dependents like nbconvert
It was discovered that XML Security Library incorrectly handled certain
input documents. An attacker could possibly use this issue to obtain
sensitive information or cause a denial of service.
SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory containing application’s binaries and configuration files.
It was discovered that unzip did not properly handle unicode strings under
certain circumstances. If a user were tricked into opening a specially crafted
zip file, an attacker could possibly use this issue to cause unzip to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2021-4217)
It was discovered that unzip did not properly perform bounds checking while
converting wide strings to local strings. If a user were tricked into opening a
specially crafted zip file, an attacker could possibly use this issue to cause
unzip to crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2022-0529, CVE-2022-0530)
