July 2022 - i18n-bugs - Fedora Mailing-Lists

[Bug 2105075] CVE-2022-31129 moment: inefficient parsing algorithim resulting in DoS

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2105075 --- Comment #9 from Tomas Hoger <thoger(a)redhat.com> --- In reply to comment #7: > Why is python-sig(a)lists.fedoraproject.org in CC for this RHEL bug? Is there > something the Fedora SIG can/should do here? python-sig is added because of python-notebook, but I do not see why that component was added here as possibly affected. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2105075

1 year, 10 months

1
0
0 / 0

[Bug 2105075] CVE-2022-31129 moment: inefficient parsing algorithim resulting in DoS

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2105075 Tomas Hoger <thoger(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |vkumar(a)redhat.com --- Comment #8 from Tomas Hoger <thoger(a)redhat.com> --- In reply to comment #2: > Why have you CC'ed many people or to exact i18n-bugs list to this bug? i18n-bugs is on the initial CC list for the cldr-emoji-annotation component, which was added as possibly affected by this issue. The package is considered to include moment because of moment being listed in tools/cldr-apps/js/package-lock.json (in sources). However, moment does not seem to be included in the srpm and also in any binary rpm, hence this looks like false positive. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2105075

1 year, 10 months

1
0
0 / 0

[Bug 2105075] CVE-2022-31129 moment: inefficient parsing algorithim resulting in DoS

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2105075 Petr Viktorin <pviktori(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pviktori(a)redhat.com Flags| |needinfo?(amctagga(a)redhat.c | |om) --- Comment #7 from Petr Viktorin <pviktori(a)redhat.com> --- Why is python-sig(a)lists.fedoraproject.org in CC for this RHEL bug? Is there something the Fedora SIG can/should do here? -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2105075

1 year, 10 months

1
0
0 / 0

[Bug 2105075] CVE-2022-31129 moment: inefficient parsing algorithim resulting in DoS

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2105075 Avinash Hanwate <ahanwate(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |2106582, 2106580, 2106579, | |2106581, 2106583, 2106584 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2105075

1 year, 10 months

1
0
0 / 0

[Bug 2105075] CVE-2022-31129 moment: inefficient parsing algorithim resulting in DoS

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2105075 --- Comment #5 from Parag Nemade <pnemade(a)redhat.com> --- You are not authorized to access bug #2105076. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2105075

1 year, 10 months

1
0
0 / 0

[Bug 2105075] CVE-2022-31129 moment: inefficient parsing algorithim resulting in DoS

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2105075 --- Comment #4 from Parag Nemade <pnemade(a)redhat.com> --- I still don't get how moment project CVE is related to i18n packages. The Fedora repository search only shows $ sudo dnf search moment Last metadata expiration check: 4 days, 19:21:18 ago on Thu 07 Jul 2022 12:24:40 PM IST. ==================================================================================== Name Matched: moment ==================================================================================== perl-Time-Moment.x86_64 : Represents a date and time of day with an offset from UTC ================================================================================== Summary Matched: moment =================================================================================== R-FMStable.x86_64 : Finite Moment Stable Distributions Is moment a bundled Javascript library in some nodejs module package in Fedora? -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2105075

1 year, 10 months

1
0
0 / 0

[Bug 2105075] CVE-2022-31129 moment: inefficient parsing algorithim resulting in DoS

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2105075 amctagga(a)redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(amctagga(a)redhat.c | |om) | --- Comment #3 from amctagga(a)redhat.com --- In reply to comment #2: > Why have you CC'ed many people or to exact i18n-bugs list to this bug? The default CC list is based off the affects, and is based off who is on the CC list for affected products. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2105075

1 year, 10 months

1
0
0 / 0

[Bug 2105075] CVE-2022-31129 moment: inefficient parsing algorithim resulting in DoS

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2105075 Parag Nemade <pnemade(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags| |needinfo?(amctagga(a)redhat.c | |om) --- Comment #2 from Parag Nemade <pnemade(a)redhat.com> --- Why have you CC'ed many people or to exact i18n-bugs list to this bug? -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2105075

1 year, 10 months

1
0
0 / 0

[Bug 2105075] CVE-2022-31129 moment: inefficient parsing algorithim resulting in DoS

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2105075 Avinash Hanwate <ahanwate(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Fixed In Version| |moment 2.29.4 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2105075

1 year, 10 months

1
0
0 / 0

[Bug 2105075] CVE-2022-31129 moment: inefficient parsing algorithim resulting in DoS

by bugzilla＠redhat.com

1 year, 10 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

i18n-bugs July 2022