Update to upstream 1.1.7 release to remediate DoS issue npm:brace-expansion:20170302

How to install

sudo dnf upgrade --advisory=FEDORA-2017-2522df3526
This update has been submitted for testing by jsmith. 2 years ago
This update has been pushed to testing. 2 years ago
This update has reached 3 days in testing and can be pushed to stable now if the maintainer wishes 2 years ago
User Icon krazyabouttechnology commented & provided feedback 2 years ago
karma

On my system upgraded from Fedora 25 to Fedora 26, I am having dependency issues with this update. I get following error on doing dnf upgrade:

Problem: cannot install the best update candidate for package nodejs-brace-expansion-1.1.3-2.fc26.noarch - nothing provides npm(balanced-match) >= 0.4.1 needed by nodejs-brace-expansion-1.1.7-1.fc26.noarch ================================================================================ Package Arch Version Repository Size ================================================================================ Skipping packages with broken dependencies: nodejs-brace-expansion noarch 1.1.7-1.fc26 updates-testing 12 k

Transaction Summary

Skip 1 Package

Nothing to do. Complete!

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe. 2 years ago
User Icon bellet commented & provided feedback 2 years ago
karma

please unpush this update, or provide the required nodejs-balanced-match package in version 0.4.2 for Fedora 26 too.

BZ#1448380 CVE-2017-18077 nodejs-brace-expansion: Regular expression denial-of-service
mooninite edited this update. New build(s): - nodejs-balanced-match-0.4.2-4.fc26 Karma has been reset. 2 years ago
This update has been submitted for testing by mooninite. 2 years ago
This update has been pushed to testing. 2 years ago
This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes 2 years ago
This update has been submitted for batched by mooninite. 2 years ago
This update has been submitted for stable by mooninite. 2 years ago
This update has been pushed to stable. 2 years ago

Please login to add feedback.

Metadata
Type
security
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago
modified
2 years ago
BZ#1448380 CVE-2017-18077 nodejs-brace-expansion: Regular expression denial-of-service
0
0

Automated Test Results