Bug 2152067 - CVE-2022-23476 rubygem-nokogiri: Unchecked return value from xmlTextReaderExpand [fedora-all]
Summary: CVE-2022-23476 rubygem-nokogiri: Unchecked return value from xmlTextReaderExp...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: rubygem-nokogiri
Version: 37
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Mamoru TASAKA
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
: 2153280 (view as bug list)
Depends On:
Blocks: CVE-2022-23476
TreeView+ depends on / blocked
 
Reported: 2022-12-09 05:34 UTC by Mamoru TASAKA
Modified: 2022-12-18 01:40 UTC (History)
4 users (show)

Fixed In Version: rubygem-nokogiri-1.13.10-1.fc37 rubygem-nokogiri-1.13.10-1.fc36
Doc Type: ---
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-12-18 01:40:02 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Mamoru TASAKA 2022-12-09 05:34:49 UTC 
Description of problem:
Fedora tracking bug for CVE-2022-23476 

https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj
https://github.com/sparklemotion/nokogiri/commit/85410e38410f670cbbc8c5b00d07b843caee88ce
Comment 1 Fedora Update System 2022-12-09 05:55:51 UTC 
FEDORA-2022-b5c325caad has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2022-b5c325caad
Comment 2 Fedora Update System 2022-12-09 05:59:52 UTC 
FEDORA-2022-acff3f54b2 has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-acff3f54b2
Comment 3 Fedora Update System 2022-12-10 02:48:26 UTC 
FEDORA-2022-b5c325caad has been pushed to the Fedora 37 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-b5c325caad`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-b5c325caad

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 4 Fedora Update System 2022-12-10 03:01:23 UTC 
FEDORA-2022-acff3f54b2 has been pushed to the Fedora 36 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-acff3f54b2`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-acff3f54b2

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 5 Mamoru TASAKA 2022-12-14 13:29:29 UTC 
*** Bug 2153280 has been marked as a duplicate of this bug. ***
Comment 6 Fedora Update System 2022-12-18 01:40:02 UTC 
FEDORA-2022-b5c325caad has been pushed to the Fedora 37 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 7 Fedora Update System 2022-12-18 01:40:41 UTC 
FEDORA-2022-acff3f54b2 has been pushed to the Fedora 36 stable repository.
If problem still persists, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.