Fedora 36: 2022-acff3f54b2 Critical: Nokogiri Illegal Exception Fix

Nokogiri parses and searches XML/HTML very quickly, and also has

correctly implemented CSS3 selector support as well as XPath support.

Nokogiri also features an Hpricot compatibility layer to help ease the change

to using correct CSS and XPath.

A potential bug was found on nokogiri on or before 1.13.9 overlooked some return

values from functions used internally. This can lead to raise some illegal

exception. This bug was assigned as CVE-2022-23476. This new rpm should fix this

issue.

* Fri Dec 9 2022 Mamoru TASAKA - 1.13.10-1

- 1.13.10

- Address CVE-2022-23476

[ 1 ] Bug #2152067 - CVE-2022-23476 rubygem-nokogiri: Unchecked return value from xmlTextReaderExpand [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2152067

su -c 'dnf upgrade --advisory FEDORA-2022-acff3f54b2' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it: