[Bugs] [Bug 13281] New: [CVE 21] nekohtml 1.9.22 CVEs found

[bugzilla]

https://bugzilla.rosalinux.ru/show_bug.cgi?id=13281

          Platform: 2021.1
            Bug ID: 13281
           Summary: [CVE 21] nekohtml 1.9.22  CVEs found
    Classification: ROSA-based products
           Product: ROSA Fresh
           Version: All
          Hardware: All
               URL: CVE-2022-24839,
                OS: Linux
            Status: CONFIRMED
          Severity: normal
          Priority: Normal
         Component: System (kernel, glibc, systemd, bash, PAM...)
          Assignee: bugs на lists.rosalinux.ru
          Reporter: y.tumanov на rosalinux.ru
        QA Contact: bugs на lists.rosalinux.ru
                CC: s.matveev на rosalinux.ru, y.tumanov на rosalinux.ru
  Target Milestone: ---
             Flags: secteam_verified?

Please patch CVEs for package nekohtml version 1.9.22

INFO (CVEs are): nekohtml 1.9.22
 cves found
CVE-2022-24839
Desc: org.cyberneko.html is an html parser written in Java. The fork of
`org.cyberneko.html` used by Nokogiri (Rubygem) raises a
`java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup.
Users are advised to upgrade to `>= 1.9.22.noko2`. Note: The upstream library
`org.cyberneko.html` is no longer maintained. Nokogiri uses its own fork of
this library located at https://github.com/sparklemotion/nekohtml and this CVE
applies only to that fork. Other forks of nekohtml may have a similar
vulnerability.
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-24839
Severity: HIGH

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
----------- следущая часть -----------
Вложение в формате HTML было извлечено…
URL: <http://lists.rosalinux.ru/pipermail/bugs/attachments/20230503/fd53329a/attachment.html>