commit by to_remotes 2024-02-06 12:07:27 +0100 from vmdevac

2024-02-06 12:07:27 +01:00 · 2024-02-06 12:07:27 +01:00 · ce64709d34
parent 6dd1440143
commit ce64709d34
4 changed files with 19 additions and 7 deletions
--- a/bundle-audit-time.txt
+++ b/bundle-audit-time.txt
@ -1 +1 @@
-2024-02-05T12:54:37+01:00
+2024-02-06T12:07:25+01:00
--- a/bundle-audit.json
+++ b/bundle-audit.json
@ -1 +1 @@
-{"version":"0.9.1","created_at":"2024-02-05 12:54:36 +0100","results":[]}
+{"version":"0.9.1","created_at":"2024-02-06 12:07:25 +0100","results":[{"type":"unpatched_gem","gem":{"name":"nokogiri","version":"1.16.0"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/nokogiri/GHSA-xc9x-jj77-9p9j.yml","id":"GHSA-xc9x-jj77-9p9j","url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j","title":"Improper Handling of Unexpected Data Type in Nokogiri","date":"2024-02-04","description":"### Summary\n\nNokogiri v1.16.2 upgrades the version of its dependency libxml2 to v2.12.5.\n\nlibxml2 v2.12.5 addresses the following vulnerability:\n\nCVE-2024-25062 / https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25062\ndescribed at https://gitlab.gnome.org/GNOME/libxml2/-/issues/604\npatched by https://gitlab.gnome.org/GNOME/libxml2/-/commit/92721970\n\nPlease note that this advisory only applies to the CRuby implementation of\nNokogiri < 1.16.2, and only if the packaged libraries are being used. If\nyou've overridden defaults at installation time to use system libraries\ninstead of packaged libraries, you should instead pay attention to your\ndistro's libxml2 release announcements.\n\n### Severity\n\nThe Nokogiri maintainers have evaluated this as **Moderate**.\n\n### Mitigation\n\nUpgrade to Nokogiri >= 1.16.2.\n\nUsers who are unable to upgrade Nokogiri may also choose a more complicated\nmitigation: compile and link Nokogiri against external libraries libxml2 >=\n2.12.5 which will also address these same issues.\n\nJRuby users are not affected.\n\n### Workarounds\n","cvss_v2":null,"cvss_v3":null,"cve":null,"osvdb":null,"ghsa":"xc9x-jj77-9p9j","unaffected_versions":[],"patched_versions":[">= 1.16.2"],"criticality":null}}]}
--- a/report.txt
+++ b/report.txt
@ -1 +1,9 @@
-No vulnerabilities found
+Name: nokogiri
 Version: 1.16.0
 GHSA: GHSA-xc9x-jj77-9p9j
 Criticality: Unknown
 URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j
 Title: Improper Handling of Unexpected Data Type in Nokogiri
 Solution: upgrade to '>= 1.16.2'
 Vulnerabilities found!
--- a/update-info.txt
+++ b/update-info.txt
@ -1,7 +1,11 @@
 Updating ruby-advisory-db ...
-Already up to date.
+Updating a68eda3..ddfa779
 Fast-forward
 gems/nokogiri/GHSA-xc9x-jj77-9p9j.yml | 48 +++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 gems/nokogiri/GHSA-xc9x-jj77-9p9j.yml
 Updated ruby-advisory-db
 ruby-advisory-db:
-  advisories:	853 advisories
+  advisories:	854 advisories
-  last updated:	2024-01-24 20:17:59 -0800
+  last updated:	2024-02-05 12:56:34 -0800
-  commit:	a68eda32fca4a16811aa4e666738632f18aca1ba
+  commit:	ddfa779959bdb0b6dc600ca450ec1be93a15f3c1
`@ -1 +1 @@`
	`2024-02-05T12:54:37+01:00`	`2024-02-06T12:07:25+01:00`
		`@ -1 +1 @@`
			`{"version":"0.9.1","created_at":"2024-02-05 12:54:36 +0100","results":[]}`				{"version":"0.9.1","created_at":"2024-02-06 12:07:25 +0100","results":[{"type":"unpatched_gem","gem":{"name":"nokogiri","version":"1.16.0"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/nokogiri/GHSA-xc9x-jj77-9p9j.yml","id":"GHSA-xc9x-jj77-9p9j","url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j","title":"Improper Handling of Unexpected Data Type in Nokogiri","date":"2024-02-04","description":"### Summary\n\nNokogiri v1.16.2 upgrades the version of its dependency libxml2 to v2.12.5.\n\nlibxml2 v2.12.5 addresses the following vulnerability:\n\nCVE-2024-25062 / https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25062\ndescribed at https://gitlab.gnome.org/GNOME/libxml2/-/issues/604\npatched by https://gitlab.gnome.org/GNOME/libxml2/-/commit/92721970\n\nPlease note that this advisory only applies to the CRuby implementation of\nNokogiri < 1.16.2, and only if the packaged libraries are being used. If\nyou've overridden defaults at installation time to use system libraries\ninstead of packaged libraries, you should instead pay attention to your\ndistro's libxml2 release announcements.\n\n### Severity\n\nThe Nokogiri maintainers have evaluated this as Moderate.\n\n### Mitigation\n\nUpgrade to Nokogiri >= 1.16.2.\n\nUsers who are unable to upgrade Nokogiri may also choose a more complicated\nmitigation: compile and link Nokogiri against external libraries libxml2 >=\n2.12.5 which will also address these same issues.\n\nJRuby users are not affected.\n\n### Workarounds\n","cvss_v2":null,"cvss_v3":null,"cve":null,"osvdb":null,"ghsa":"xc9x-jj77-9p9j","unaffected_versions":[],"patched_versions":[">= 1.16.2"],"criticality":null}}]}