https://bugzilla.redhat.com/show_bug.cgi?id=2102001
--- Comment #4 from Anten Skrabec <askrabec(a)redhat.com> ---
Created dotnet6.0 tracking bugs for this issue:
Affects: fedora-all [bug 2102911]
Created golang-ariga-atlas tracking bugs for this issue:
Affects: fedora-all [bug 2102912]
Created golang-entgo-ent tracking bugs for this issue:
Affects: fedora-all [bug 2102913]
Created grafana tracking bugs for this issue:
Affects: fedora-all [bug 2102914]
Created mozjs68 tracking bugs for this issue:
Affects: fedora-all [bug 2102915]
Created mozjs78 tracking bugs for this issue:
Affects: fedora-all [bug 2102916]
Created nodejs-nodemon tracking bugs for this issue:
Affects: fedora-all [bug 2102917]
Created nodejs:12/nodejs tracking bugs for this issue:
Affects: fedora-all [bug 2102918]
Created nodejs:13/nodejs tracking bugs for this issue:
Affects: epel-all [bug 2102908]
Created nodejs:14/nodejs tracking bugs for this issue:
Affects: fedora-all [bug 2102919]
Created npm-name-cli tracking bugs for this issue:
Affects: fedora-all [bug 2102920]
Created seamonkey tracking bugs for this issue:
Affects: epel-all [bug 2102909]
Affects: fedora-all [bug 2102921]
Created syncthing tracking bugs for this issue:
Affects: epel-all [bug 2102910]
Created vagrant tracking bugs for this issue:
Affects: fedora-all [bug 2102922]
Created yarnpkg tracking bugs for this issue:
Affects: fedora-all [bug 2102923]
Created zuul tracking bugs for this issue:
Affects: fedora-all [bug 2102924]
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2102001
https://bugzilla.redhat.com/show_bug.cgi?id=2102923
Bug ID: 2102923
Summary: CVE-2022-33987 yarnpkg: got: missing verification of requested URLs allows redirects to UNIX sockets [fedora-all]
Product: Fedora
Version: 36
Status: NEW
Component: yarnpkg
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: zsvetlik(a)redhat.com
Reporter: askrabec(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org, ngompa13(a)gmail.com, zsvetlik(a)redhat.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.