Overview

File _patchinfo of Package patchinfo.13223

<patchinfo incident="13223">
  <issue tracker="bnc" id="1146578">VUL-0: CVE-2019-5477: rubygem-nokogiri:  Command Injection allows commands to be executed in a subprocess via Ruby's `Kernel.open` method</issue>
  <issue tracker="bnc" id="1156722">[trackerbug] maintenance update for rubygem-nokogiri to version 1.8.5</issue>
  <issue tracker="bnc" id="1180507">VUL-0: CVE-2020-26247: rubygem-nokogiri: potentially XXE or SSRF attacks by parsed Nokogiri::XML::Schema</issue>
  <issue tracker="cve" id="2019-5477"/>
  <issue tracker="cve" id="2020-26247"/>
  <packager>mschnitzer</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for rubygem-nokogiri</summary>
  <description>This update for rubygem-nokogiri fixes the following issues:
  
rubygem-nokogiri was updated to 1.8.5 (bsc#1156722).

Security issues fixed:

- CVE-2019-5477: Fixed a command injection vulnerability (bsc#1146578).
- CVE-2020-26247: Fixed an XXE vulnerability in Nokogiri::XML::Schema (bsc#1180507).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places