Bug 31302

Summary: ruby-nokogiri new security issue CVE-2022-23476
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Pascal Terjan <pterjan>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: nicolas.salguero
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: ruby-nokogiri-1.13.8-1.mga9.src.rpm CVE:
Status comment: Fixed upstream in 1.13.10

Description David Walser 2022-12-19 19:12:43 CET 
Fedora has issued an advisory on December 18:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZU7TQA34AJQYXGGIEW64UBHMFP4A5SLA/

The issue is fixed upstream in 1.13.10.
David Walser 2022-12-19 19:12:56 CET

Status comment: (none) => Fixed upstream in 1.13.10

Comment 1 Nicolas Salguero 2023-03-13 14:44:51 CET 
Hi,

ruby-nokogiri-1.13.8-2.mga9 contains a patch for that issue.

Best regards,

Nico.

CC: (none) => nicolas.salguero

Comment 2 David Walser 2023-03-13 15:58:10 CET 
Thanks.

Status: NEW => RESOLVED
Resolution: (none) => FIXED