The following Fedora EPEL 7 Security updates need testing:
Age URL
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-4add1d3059
needrestart-3.6-1.el7
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-d1317f7176
rubygem-git-1.3.0-2.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
rubygem-nokogiri-1.6.1-1.el7.2
Details about builds:
================================================================================
rubygem-nokogiri-1.6.1-1.el7.2 (FEDORA-EPEL-2022-b3575fc91b)
An HTML, XML, SAX, and Reader parser
--------------------------------------------------------------------------------
Update Information:
Backport CVE-2022-24836 (#2074347), Backport CVE-2022-29181 (#2088685)
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 25 2022 Troy Dawson <[email protected]> - 1.6.1-1.2
- Backport CVE-2022-24836 (#2074347)
- Backport CVE-2022-29181 (#2088685)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2074347 - CVE-2022-24836 rubygem-nokogiri: nokogiri: ReDoS in HTML
encoding detection [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2074347
[ 2 ] Bug #2088685 - CVE-2022-29181 rubygem-nokogiri: Improper Handling of
Unexpected Data Type in Nokogiri [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2088685
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
