From d32b1d6add55e8010c6a94efa39ada22f980ba78 Mon Sep 17 00:00:00 2001 From: cicd Date: Thu, 20 Feb 2025 08:18:26 +0100 Subject: [PATCH] commit by to_remotes 2025-02-20 08:18:26 +0100 from cicd --- bundle-audit-time.txt | 2 +- bundle-audit.json | 2 +- report.txt | 10 +--------- update-info.txt | 6 +----- 4 files changed, 4 insertions(+), 16 deletions(-) diff --git a/bundle-audit-time.txt b/bundle-audit-time.txt index 4a540b4..6dad8fb 100644 --- a/bundle-audit-time.txt +++ b/bundle-audit-time.txt @@ -1 +1 @@ -2025-02-20T08:06:16+01:00 +2025-02-20T08:18:25+01:00 diff --git a/bundle-audit.json b/bundle-audit.json index bb1e46d..a8e242e 100644 --- a/bundle-audit.json +++ b/bundle-audit.json @@ -1 +1 @@ -{"version":"0.9.2","created_at":"2025-02-20 08:06:16 +0100","results":[{"type":"unpatched_gem","gem":{"name":"nokogiri","version":"1.18.1"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/nokogiri/GHSA-vvfq-8hwr-qm4m.yml","id":"GHSA-vvfq-8hwr-qm4m","url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vvfq-8hwr-qm4m","title":"Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171","date":"2025-02-18","description":"## Summary\n\nNokogiri v1.18.3 upgrades its dependency libxml2 to\n[v2.13.6](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.6).\n\nlibxml2 v2.13.6 addresses:\n\n- CVE-2025-24928\n - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/847\n- CVE-2024-56171\n - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/828\n\n## Impact\n\n### CVE-2025-24928\n\nStack-buffer overflow is possible when reporting DTD validation\nerrors if the input contains a long (~3kb) QName prefix.\n\n### CVE-2024-56171\n\nUse-after-free is possible during validation against untrusted\nXML Schemas (.xsd) and, potentially, validation of untrusted documents\nagainst trusted Schemas if they make use of `xsd:keyref` in combination\nwith recursively defined types that have additional identity constraints.\n","cvss_v2":null,"cvss_v3":null,"cve":null,"osvdb":null,"ghsa":"vvfq-8hwr-qm4m","unaffected_versions":[],"patched_versions":[">= 1.18.3"],"criticality":null}}]} \ No newline at end of file +{"version":"0.9.2","created_at":"2025-02-20 08:18:25 +0100","results":[]} \ No newline at end of file diff --git a/report.txt b/report.txt index 873d338..8900c02 100644 --- a/report.txt +++ b/report.txt @@ -1,9 +1 @@ -Name: nokogiri -Version: 1.18.1 -GHSA: GHSA-vvfq-8hwr-qm4m -Criticality: Unknown -URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vvfq-8hwr-qm4m -Title: Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171 -Solution: update to '>= 1.18.3' - -Vulnerabilities found! +No vulnerabilities found diff --git a/update-info.txt b/update-info.txt index 2fec08c..5c17e71 100644 --- a/update-info.txt +++ b/update-info.txt @@ -1,9 +1,5 @@ Updating ruby-advisory-db ... -Updating eb74560..1c7f2a8 -Fast-forward - gems/nokogiri/GHSA-vvfq-8hwr-qm4m.yml | 39 +++++++++++++++++++++++++++++++++++ - 1 file changed, 39 insertions(+) - create mode 100644 gems/nokogiri/GHSA-vvfq-8hwr-qm4m.yml +Already up to date. Updated ruby-advisory-db ruby-advisory-db: advisories: 959 advisories