FEDORA-EPEL-2024-78df19aaf3 — security update for yarnpkg

stable

yarnpkg-1.22.22-5.el9

FEDORA-EPEL-2024-78df19aaf3 created by smani a year ago for Fedora EPEL 9

Sync with fedora package.

This update has been submitted for testing by smani.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update has been pushed to testing.

a year ago

This update has been submitted for stable by bodhi.

a year ago

This update has been pushed to stable.

a year ago

Please log in to add feedback.

Metadata

Type

security

Severity

medium

Karma

Signed

Content Type

RPM

Test Gating

ignored

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

7 days

Dates

submitted

a year ago

in testing

a year ago

in stable

a year ago

approved

a year ago

Builds

yarnpkg-1.22.22-5.el9

BZ#2220677 CVE-2023-26136 yarnpkg: tough-cookie: prototype pollution in cookie memstore [epel-all]

BZ#2222512 CVE-2022-25883 yarnpkg: nodejs-semver: Regular expression denial of service [epel-all]

BZ#2246630 CVE-2023-46234 yarnpkg: browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack [epel-all]

BZ#2280614 CVE-2024-4068 yarnpkg: braces: fails to limit the number of characters it can handle [epel-all]

BZ#2280768 CVE-2024-4067 yarnpkg: micromatch: vulnerable to Regular Expression Denial of Service [epel-all]

BZ#2290910 CVE-2024-29041 yarnpkg: express: cause malformed URLs to be evaluated [epel-all]

BZ#2303222 CVE-2024-42461 yarnpkg: From NVD collector [epel-all]

BZ#2303441 CVE-2024-37890 yarnpkg: denial of service when handling a request with many HTTP headers [epel-all]

BZ#2303538 CVE-2024-42460 yarnpkg: ECDSA signature malleability due to missing checks [epel-all]

BZ#2303782 CVE-2024-42459 yarnpkg: From NVD collector [epel-all]

BZ#2317788 CVE-2024-48949 yarnpkg: Missing Validation in Elliptic's EDDSA Signature Verification [epel-9]

yarnpkg-1.22.22-5.el9

Automated Test Results

ignored