openssl-1.1.1p-1.fc35
* Thu Jun 30 2022 Clemens Lang <cllang@redhat.com> – 1:1.1.1p-1
– Upgrade to 1.1.1p
Resolves: CVE-2022-2068
Related: rhbz#2099975
Security fix for CVE-2022-2068
openssl1.1-1.1.1p-1.fc36
* Thu Jun 30 2022 Clemens Lang <cllang@redhat.com> – 1:1.1.1p-1
– Upgrade to 1.1.1p
Resolves: CVE-2022-2068
Related: rhbz#2099975
Security fix for CVE-2022-2068
openssl1.1-1.1.1p-1.fc37
Automatic update for openssl1.1-1.1.1p-1.fc37.
* Thu Jun 30 2022 Clemens Lang <cllang@redhat.com> – 1:1.1.1p-1
– Upgrade to 1.1.1p
Resolves: CVE-2022-2068
Related: rhbz#2099975
gerbv-2.9.2-1.fc36
upstream release 2.9.2
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA.
[R1] Stand-alone Security Patch Available for Tenable.sc versions 5.20.0 to 5.21.0: Patch 202206.1
Arnie Cabral
Thu, 06/30/2022 – 11:05
Out of caution, and in line with best practice, Tenable has upgraded the bundled components to address the potential impact of these issues. Tenable.sc Patch 202206.1 updates Apache to version 2.4.54 to address the identified vulnerabilities
It was discovered that Vim incorrectly handled memory when opening certain
files. If an attacker could trick a user into opening a specially crafted
file, it could cause Vim to crash, or possible execute arbitrary code.
osbuild-composer-56-1.fc36
Update to osbuild-composer 56
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3414. Reason: This candidate is a duplicate of CVE-2012-3414. Notes: All CVE users should reference CVE-2012-3414 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into such a string without being sanitized. This means that if an application assigns a view’s `tagName` to user-supplied data, a specially-crafted payload could execute arbitrary JavaScript in the context of the current domain (“XSS”). This vulnerability only affects applications that assign or bind user-provided content to `tagName`.
