Fedora 36: yarnpkg 2023-18fd476362

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-18fd476362
2023-01-21 03:40:23.183468
--------------------------------------------------------------------------------

Name        : yarnpkg
Product     : Fedora 36
Version     : 1.22.19
Release     : 3.fc36
URL         : https://github.com/yarnpkg/yarn
Summary     : Fast, reliable, and secure dependency management.
Description :
Fast, reliable, and secure dependency management.

--------------------------------------------------------------------------------
Update Information:

Add patches for CVE-2021-43138, CVE-2022-3517, CVE-2020-7677
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 11 2023 Sandro Mani  - 1.22.19-3
- Add patches for CVE-2021-43138, CVE-2022-3517, CVE-2020-7677
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2127008 - CVE-2021-43138 yarnpkg: async: Prototype Pollution in async [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2127008
  [ 2 ] Bug #2127351 - CVE-2020-7677 yarnpkg: thenify: Arbitrary Code Execution in thenify [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2127351
  [ 3 ] Bug #2135472 - CVE-2022-3517 yarnpkg: nodejs-minimatch: ReDoS via the braceExpand function [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2135472
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-18fd476362' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

What Are You Looking For?

Popular Tags

Fedora 36: yarnpkg 2023-18fd476362

Summary

Change Log

References

Update Instructions

New Patches Aim To Tackle Linux x86_64 PIE Support

Patches Updated For Hooking eBPF Programs Into The Linux Kernel Scheduler

Samba Patches Vulnerability That Can Lead to DoS, Remote Code Execution

New Ubuntu Linux Kernel Security Updates Fix 16 Vulnerabilities, Patch Now

News

Advisories

HOWTOs

Features

Linux Container Security Primer

Email Phishing Using Kali Linux

Is Linux A More Secure Option Than Windows For Businesses?

How Secure Is Linux?

How To Secure Against WordPress Vulnerabilities with Predictive Analysis Detection & Automated Remediation

About Us

Powered By

What Are You Looking For?

Popular Tags

Fedora 36: yarnpkg 2023-18fd476362

Summary

Change Log

References

Update Instructions

Get the Latest News & Insights

Related News

News

Advisories

HOWTOs

Features

About Us

Powered By