[Bug 2105075] CVE-2022-31129 moment: inefficient parsing algorithm
resulting in DoS
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2105075
Tomas Hoger <thoger(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |vkumar(a)redhat.com
--- Comment #8 from Tomas Hoger <thoger(a)redhat.com> ---
In reply to comment #2:
> Why have you CC'ed many people or to exact i18n-bugs list to this bug?
i18n-bugs is on the initial CC list for the cldr-emoji-annotation component,
which was added as possibly affected by this issue. The package is considered
to include moment because of moment being listed in
tools/cldr-apps/js/package-lock.json (in sources). However, moment does not
seem to be included in the srpm or in any binary rpm, hence this looks
like a false positive.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2105075
[Bug 2105075] CVE-2022-31129 moment: inefficient parsing algorithm
resulting in DoS
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2105075
--- Comment #4 from Parag Nemade <pnemade(a)redhat.com> ---
I still don't get how the moment project CVE is related to i18n packages.
The Fedora repository search only shows
$ sudo dnf search moment
Last metadata expiration check: 4 days, 19:21:18 ago on Thu 07 Jul 2022
12:24:40 PM IST.
====================================================================================
Name Matched: moment
====================================================================================
perl-Time-Moment.x86_64 : Represents a date and time of day with an offset from
UTC
==================================================================================
Summary Matched: moment
===================================================================================
R-FMStable.x86_64 : Finite Moment Stable Distributions
Is moment a bundled JavaScript library in some nodejs module package in Fedora?