Bug 30569 - ruby-mechanize new security issue CVE-2022-31033
Summary: ruby-mechanize new security issue CVE-2022-31033
Status: RESOLVED OLD
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: All Packagers
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-06-20 19:35 CEST by David Walser
Modified: 2024-01-12 09:55 CET (History)
2 users (show)

See Also:
Source RPM: ruby-mechanize-2.8.4-1.mga9.src.rpm
CVE:
Status comment: Fixed upstream in 2.8.5

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2022-06-20 19:35:29 CEST 
Fedora has issued an advisory on June 19:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7OKZMR5O3T5HQ2V737TC7IU4WZRT2LGX/

The issue is fixed upstream in 2.8.5.

Mageia 8 is also affected.
David Walser 2022-06-20 19:35:46 CEST

Status comment: (none) => Fixed upstream in 2.8.5
Whiteboard: (none) => MGA8TOO

Comment 1 Lewis Smith 2022-06-22 20:45:02 CEST 
This package has no consistent maintainer, so assigning this bug globally.
CC'ing Pascal who did the last version 'Update to 2.8.4'.

Assignee: bugsquad => pkg-bugs
CC: (none) => pterjan

Comment 2 Nicolas Salguero 2022-10-21 09:37:16 CEST 
Hi,

That issue is already fixed in Cauldron.

Best regards,

Nico.

Version: Cauldron => 8
CC: (none) => nicolas.salguero
Whiteboard: MGA8TOO => (none)

Comment 3 Nicolas Salguero 2024-01-12 09:55:11 CET 
Mageia 8 EOL

Status: NEW => RESOLVED
Resolution: (none) => OLD
Note You need to log in before you can comment on or make changes to this bug.