From 1f7707919f2a94792e7b143d0d1acf0e2b8e188e Mon Sep 17 00:00:00 2001
From: cicd <cicd@wiseadvice.eu>
Date: Wed, 21 Aug 2024 09:27:50 +0200
Subject: [PATCH] commit by to_remotes 2024-08-21 09:27:50 +0200 from cicd

---
 bundle-audit-time.txt |  2 +-
 bundle-audit.json     |  2 +-
 report.txt            | 11 +----------
 3 files changed, 3 insertions(+), 12 deletions(-)

diff --git a/bundle-audit-time.txt b/bundle-audit-time.txt
index ed04f5b..6dbb3af 100644
--- a/bundle-audit-time.txt
+++ b/bundle-audit-time.txt
@@ -1 +1 @@
-2024-08-21T09:27:20+02:00
+2024-08-21T09:27:49+02:00
diff --git a/bundle-audit.json b/bundle-audit.json
index cbd1484..66d87df 100644
--- a/bundle-audit.json
+++ b/bundle-audit.json
@@ -1 +1 @@
-{"version":"0.9.1","created_at":"2024-08-21 09:27:20 +0200","results":[{"type":"unpatched_gem","gem":{"name":"fugit","version":"1.11.0"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/fugit/CVE-2024-43380.yml","id":"CVE-2024-43380","url":"https://github.com/floraison/fugit/security/advisories/GHSA-2m96-52r3-2f3g","title":"fugit parse and parse_nat stall on lengthy input","date":"2024-08-19","description":"### Impact\n\nThe fugit \"natural\" parser, that turns \"every wednesday at 5pm\" into\n\"0 17 * * 3\", accepted any length of input and went on attempting to\nparse it, not returning promptly, as expected. The parse call could\nhold the thread with no end in sight.\n\nFugit dependents that do not check (user) input length for\nplausability are impacted.\n\n### Patches\n\nProblem was reported in #104 and the fix was released in\n[fugit 1.11.1](https://rubygems.org/gems/fugit/versions/1.11.1)\n\n### Workarounds\n\nBy making sure that `Fugit.parse(s)`, `Fugit.do_parse(s)`,\n`Fugit.parse_nat(s)`, `Fugit.do_parse_nat(s)`, `Fugit::Nat.parse(s)`,\nand `Fugit::Nat.do_parse(s)` are not fed strings too long.\n1000 chars feels ok, while 10_000 chars makes it stall.\n\nIn fewer words, making sure those fugit methods are not fed\nunvetted input strings.\n","cvss_v2":null,"cvss_v3":5.3,"cve":"2024-43380","osvdb":null,"ghsa":"2m96-52r3-2f3g","unaffected_versions":[],"patched_versions":[">= 1.11.1"],"criticality":"medium"}}]}
\ No newline at end of file
+{"version":"0.9.1","created_at":"2024-08-21 09:27:49 +0200","results":[]}
\ No newline at end of file
diff --git a/report.txt b/report.txt
index 90546be..8900c02 100644
--- a/report.txt
+++ b/report.txt
@@ -1,10 +1 @@
-Name: fugit
-Version: 1.11.0
-CVE: CVE-2024-43380
-GHSA: GHSA-2m96-52r3-2f3g
-Criticality: Medium
-URL: https://github.com/floraison/fugit/security/advisories/GHSA-2m96-52r3-2f3g
-Title: fugit parse and parse_nat stall on lengthy input
-Solution: upgrade to '>= 1.11.1'
-
-Vulnerabilities found!
+No vulnerabilities found