insight-13.0.50.20220502-1.fc35
New upstream snapshot.
Fixes CVE-2021-3826.
Disable deprecated declaration warnings/errors.
Disable nonnull-compare warnings.
Patch “symtab_no_format_overflow” to avoid a false positive format overflow
detection.
A buffer overflow was discovered in the vhost code of DPDK,
a set of libraries for fast packet processing, which could result
in denial of service or the execution of arbitrary code by malicious
guests/containers.
In oauth2-server (aka node-oauth2-server) through 3.1.1, the value of the redirect_uri parameter received during the authorization and token request is checked against an incorrect URI pattern (“[a-zA-Z][a-zA-Z0-9+.-]+:”) before making a redirection. This allows a malicious client to pass an XSS payload through the redirect_uri parameter while making an authorization request. NOTE: this vulnerability is similar to CVE-2020-7741.
IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210671.
rubygem-puma-4.3.6-5.fc35
Fix CVE-2022-23634 – information leak between requests.
Fix CVE-2022-24790 – http request smuggling vulnerabilities
rubygem-puma-5.5.2-3.fc36
Fix CVE-2022-23634 – information leak between requests.
Fix CVE-2022-24790 – http request smuggling vulnerabilities.
rubygem-puma-5.6.5-1.fc37
Update to Puma 5.6.5.
rubygem-puma-5.6.5-1.fc38
Automatic update for rubygem-puma-5.6.5-1.fc38.
* Thu Aug 25 2022 Vít Ondruch <vondruch@redhat.com> – 5.6.5-1
– Update to Puma 5.6.5.
Resolves: rhbz#2046576
Resolves: rhbz#2113697
Resolves: rhbz#2071625
Resovles: rhbz#2054212
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> – 5.5.2-3
– Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle hidden and incremental data in signed documents. An attacker can write to an arbitrary file, and display controlled contents, during signature verification.
