MGASA-2022-0200 - Updated ruby-nokogiri packages fix security vulnerability

Publication date: 22 May 2022
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-29181

Nokogiri did not type-check all inputs into the XML and HTML4 SAX parsers,
allowing specially crafted untrusted inputs to cause illegal memory access
errors (segfault) or reads from unrelated memory. Version 1.13.6 contains
a patch for this issue. As a workaround, ensure the untrusted input is a
'String' by calling '#to_s' or equivalent.

-[email protected]/thread/4J4GGCK2IK6R7HJKHPGPCCZRBXEWHBVC/

- 8/core/ruby-nokogiri-1.11.7-1.1.mga8