Bug 30569

Summary: ruby-mechanize new security issue CVE-2022-31033
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: All Packagers <pkg-bugs>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: nicolas.salguero, pterjan
Version: 8   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: ruby-mechanize-2.8.4-1.mga9.src.rpm CVE:
Status comment: Fixed upstream in 2.8.5

Description David Walser 2022-06-20 19:35:29 CEST 
Fedora has issued an advisory on June 19:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7OKZMR5O3T5HQ2V737TC7IU4WZRT2LGX/

The issue is fixed upstream in 2.8.5.

Mageia 8 is also affected.
David Walser 2022-06-20 19:35:46 CEST

Status comment: (none) => Fixed upstream in 2.8.5
Whiteboard: (none) => MGA8TOO

Comment 1 Lewis Smith 2022-06-22 20:45:02 CEST 
This package has no consistent maintainer, so assigning this bug globally.
CC'ing Pascal who did the last version 'Update to 2.8.4'.

Assignee: bugsquad => pkg-bugs
CC: (none) => pterjan

Comment 2 Nicolas Salguero 2022-10-21 09:37:16 CEST 
Hi,

That issue is already fixed in Cauldron.

Best regards,

Nico.

Version: Cauldron => 8
CC: (none) => nicolas.salguero
Whiteboard: MGA8TOO => (none)

Comment 3 Nicolas Salguero 2024-01-12 09:55:11 CET 
Mageia 8 EOL

Status: NEW => RESOLVED
Resolution: (none) => OLD