https://bugzilla.redhat.com/show_bug.cgi?id=2303541
Bug ID: 2303541 Summary: CVE-2024-42460 yarnpkg: ECDSA signature malleability due to missing checks [fedora-all] Product: Fedora Version: 40 Status: NEW Whiteboard: {"flaws": ["3ba2f3c7-fb13-4ca8-8ca1-61d0ef3482e6"]} Component: yarnpkg Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: zsvetlik@redhat.com Reporter: mbenatto@redhat.com QA Contact: extras-qa@fedoraproject.org CC: epel-packagers-sig@lists.fedoraproject.org, manisandro@gmail.com, ngompa13@gmail.com, zsvetlik@redhat.com Blocks: 2302459 (CVE-2024-42460) Target Milestone: --- Classification: Fedora
More information about this security flaw is available in the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=2302459
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=2302459 [Bug 2302459] CVE-2024-42460 elliptic: nodejs/elliptic: ECDSA signature malleability due to missing checks
epel-packagers-sig@lists.fedoraproject.org