commit by to_remotes 2025-09-19 11:58:36 +0200 from cicd

2025-09-19 11:58:36 +02:00 · 2025-09-19 11:58:36 +02:00 · 8aaa09498b
parent 5f81201dd3
commit 8aaa09498b
4 changed files with 20 additions and 7 deletions
--- a/bundle-audit-time.txt
+++ b/bundle-audit-time.txt
@ -1 +1 @@
-2025-09-16T16:07:36+02:00
+2025-09-19T11:58:35+02:00
--- a/bundle-audit.json
+++ b/bundle-audit.json
@ -1 +1 @@
-{"version":"0.9.2","created_at":"2025-09-16 16:07:36 +0200","results":[]}
+{"version":"0.9.2","created_at":"2025-09-19 11:58:35 +0200","results":[{"type":"unpatched_gem","gem":{"name":"rexml","version":"3.4.1"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/rexml/CVE-2025-58767.yml","id":"CVE-2025-58767","url":"https://github.com/ruby/rexml/security/advisories/GHSA-c2f4-jgmc-q2r5","title":"REXML has DoS condition when parsing malformed XML file","date":"2025-09-17","description":"### Impact\n\nThe REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when\nparsing XML containing multiple XML declarations. If you need to\nparse untrusted XMLs, you may be impacted to these vulnerabilities.\n\n### Patches\n\nREXML gems 3.4.2 or later include the patches to fix these vulnerabilities.\n\n### Workarounds\n\nDon't parse untrusted XMLs.\n\n### References\n\n* https://www.ruby-lang.org/en/news/2025/09/18/dos-rexml-cve-2025-58767\n  - An announcement on www.ruby-lang.org\n","cvss_v2":null,"cvss_v3":null,"cve":"2025-58767","osvdb":null,"ghsa":"c2f4-jgmc-q2r5","unaffected_versions":["< 3.3.3"],"patched_versions":[">= 3.4.2"],"criticality":null}}]}
--- a/report.txt
+++ b/report.txt
@ -1 +1,10 @@
-No vulnerabilities found
+Name: rexml
 Version: 3.4.1
 CVE: CVE-2025-58767
 GHSA: GHSA-c2f4-jgmc-q2r5
 Criticality: Unknown
 URL: https://github.com/ruby/rexml/security/advisories/GHSA-c2f4-jgmc-q2r5
 Title: REXML has DoS condition when parsing malformed XML file
 Solution: update to '>= 3.4.2'
 Vulnerabilities found!
--- a/update-info.txt
+++ b/update-info.txt
@ -1,7 +1,11 @@
 Updating ruby-advisory-db ...
-Already up to date.
+Updating 84c99b9..dff94e0
 Fast-forward
 gems/rexml/CVE-2025-58767.yml | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 gems/rexml/CVE-2025-58767.yml
 Updated ruby-advisory-db
 ruby-advisory-db:
-  advisories:	1007 advisories
+  advisories:	1008 advisories
-  last updated:	2025-09-13 09:58:51 -0700
+  last updated:	2025-09-18 15:57:32 -0700
-  commit:	84c99b9661a10393a5181a26fa69463ab126fca3
+  commit:	dff94e024b70e68d56d0008ec0095890f9e7a41d
`@ -1 +1 @@`
	`2025-09-16T16:07:36+02:00`	`2025-09-19T11:58:35+02:00`
		`@ -1 +1 @@`
			`{"version":"0.9.2","created_at":"2025-09-16 16:07:36 +0200","results":[]}`				{"version":"0.9.2","created_at":"2025-09-19 11:58:35 +0200","results":[{"type":"unpatched_gem","gem":{"name":"rexml","version":"3.4.1"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/rexml/CVE-2025-58767.yml","id":"CVE-2025-58767","url":"https://github.com/ruby/rexml/security/advisories/GHSA-c2f4-jgmc-q2r5","title":"REXML has DoS condition when parsing malformed XML file","date":"2025-09-17","description":"### Impact\n\nThe REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when\nparsing XML containing multiple XML declarations. If you need to\nparse untrusted XMLs, you may be impacted to these vulnerabilities.\n\n### Patches\n\nREXML gems 3.4.2 or later include the patches to fix these vulnerabilities.\n\n### Workarounds\n\nDon't parse untrusted XMLs.\n\n### References\n\n* https://www.ruby-lang.org/en/news/2025/09/18/dos-rexml-cve-2025-58767\n - An announcement on www.ruby-lang.org\n","cvss_v2":null,"cvss_v3":null,"cve":"2025-58767","osvdb":null,"ghsa":"c2f4-jgmc-q2r5","unaffected_versions":["< 3.3.3"],"patched_versions":[">= 3.4.2"],"criticality":null}}]}