Update to upstream 1.1.7 release to remediate DoS issue npm:brace-expansion:20170302

How to install

sudo dnf upgrade --advisory=FEDORA-2017-2522df3526

This update has been submitted for testing by jsmith.

3 years ago

This update has been pushed to testing.

3 years ago

This update has reached 3 days in testing and can be pushed to stable now if the maintainer wishes

3 years ago
User Icon krazyabouttechnology commented & provided feedback 3 years ago
karma

On my system upgraded from Fedora 25 to Fedora 26, I am having dependency issues with this update. I get following error on doing dnf upgrade:

Problem: cannot install the best update candidate for package nodejs-brace-expansion-1.1.3-2.fc26.noarch - nothing provides npm(balanced-match) >= 0.4.1 needed by nodejs-brace-expansion-1.1.7-1.fc26.noarch ================================================================================ Package Arch Version Repository Size ================================================================================ Skipping packages with broken dependencies: nodejs-brace-expansion noarch 1.1.7-1.fc26 updates-testing 12 k

Transaction Summary

Skip 1 Package

Nothing to do. Complete!

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

3 years ago
User Icon bellet commented & provided feedback 3 years ago
karma

please unpush this update, or provide the required nodejs-balanced-match package in version 0.4.2 for Fedora 26 too.

BZ#1448380 CVE-2017-18077 nodejs-brace-expansion: Regular expression denial-of-service

mooninite edited this update.

New build(s):

  • nodejs-balanced-match-0.4.2-4.fc26

Karma has been reset.

2 years ago

This update has been submitted for testing by mooninite.

2 years ago

This update has been pushed to testing.

2 years ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

2 years ago

This update has been submitted for batched by mooninite.

2 years ago

This update has been submitted for stable by mooninite.

2 years ago

This update has been pushed to stable.

2 years ago

Please login to add feedback.

Metadata
Type
security
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
3 years ago
in testing
2 years ago
in stable
2 years ago
modified
2 years ago
BZ#1448380 CVE-2017-18077 nodejs-brace-expansion: Regular expression denial-of-service
0
0

Automated Test Results