New subject: [Bug 2293212] CVE-2024-28863 yarnpkg: node-tar: denial of service while parsing a tar file due to lack of folders depth validation [epel-8]

20 Jun 2024

      https://bugzilla.redhat.com/show_bug.cgi?id=2293212
Bug ID: 2293212
           Summary: CVE-2024-28863 yarnpkg: node-tar: denial of service
                    while parsing a tar file due to lack of folders depth
                    validation [epel-8]
           Product: Fedora EPEL
           Version: epel8
            Status: NEW
         Component: yarnpkg
          Keywords: Security, SecurityTracking
          Severity: medium
          Priority: medium
          Assignee: zsvetlik@redhat.com
          Reporter: trathi@redhat.com
                CC: epel-packagers-sig@lists.fedoraproject.org,
                    manisandro@gmail.com, ngompa13@gmail.com,
                    zsvetlik@redhat.com
  Target Milestone: ---
    Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2293200
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
-- 
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2293212

Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report...

[Bug 2293212] New: CVE-2024-28863 yarnpkg: node-tar: denial of service while parsing a tar file due to lack of folders depth validation [epel-8]