pcs-0.10.18-2.el8_10.6

- Fixed CVE-2024-49761 by updating rubygem rexml Resolves: RHEL-98708 - Fixed dist macro in changelog entries, brackets are mandatory inside a string, also adding back question mark to make macro disappear if not defined - Fixed copy-paste error in CVE identifier of the last update
2025-06-23 18:38:02 +02:00 · 2025-06-23 18:38:02 +02:00 · 44784b3bb9
commit 44784b3bb9
parent c49b50b798
3 changed files with 11 additions and 6 deletions
--- a/.gitignore
+++ b/.gitignore
@ -45,3 +45,4 @@
 /tornado-6.1.0.pcs.1.tar.gz
 /rack-2.2.16.gem
 /tornado-6.1.0.pcs.2.tar.gz
+/rexml-3.4.1.gem
--- a/pcs.spec
+++ b/pcs.spec
@ -1,6 +1,6 @@
 Name: pcs
 Version: 0.10.18
-Release: 2%{?dist}.5
+Release: 2%{?dist}.6
 # https://docs.fedoraproject.org/en-US/packaging-guidelines/LicensingGuidelines/
 # https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#Good_Licenses
 # GPL-2.0-only: pcs
@ -42,7 +42,7 @@ ExclusiveArch: i686 x86_64 s390x ppc64le aarch64
 %global version_rubygem_rack  2.2.16
 %global version_rubygem_rack_protection  2.2.4
 %global version_rubygem_rack_test  2.1.0
-%global version_rubygem_rexml  3.3.6
+%global version_rubygem_rexml  3.4.1
 %global version_rubygem_ruby2_keywords  0.0.5
 %global version_rubygem_sinatra  2.2.4
 %global version_rubygem_tilt  2.3.0
@ -564,13 +564,17 @@ remove_all_tests
 %license pyagentx_LICENSE.txt

 %changelog
-* Thu May 22 2025 Michal Pospisil <mpospisi@redhat.com> - 0.10.18-2%dist.5
- Fixed CVE-2024-52804 by patching bundled Tornado
+* Mon Jun 23 2025 Michal Pospisil <mpospisi@redhat.com> - 0.10.18-2%{?dist}.6
+- Fixed CVE-2024-49761 by updating rubygem rexml
+  Resolves: RHEL-98708
+
+* Thu May 22 2025 Michal Pospisil <mpospisi@redhat.com> - 0.10.18-2%{?dist}.5
+- Fixed CVE-2024-47287 by patching bundled Tornado
  Resolves: RHEL-93167
 - Fixed CVE-2025-46727 by updating bundled rubygem rack
  Resolves: RHEL-90147

-* Tue Mar 4 2025 Michal Pospisil <mpospisi@redhat.com> - 0.10.18-2%dist.4
+* Tue Mar 4 2025 Michal Pospisil <mpospisi@redhat.com> - 0.10.18-2%{?dist}.4
 - Fixed CVE-2024-52804 by patching bundled Tornado
  Resolves: RHEL-81924

--- a/2
+++ b/2
@ -16,6 +16,6 @@ SHA512 (ffi-1.16.3.gem) = b3d823a03055412a85ae3dbc10c3b50615614f0b66830e144ca476
 SHA512 (puma-6.4.0.gem) = 3f481bd2bd34ed0d66d86f61d7522a48b4d8bfd36b807a1c47bb3b640bc6050a72f4f710fd4fad16260b560f98050e34faad044a54cb759c7ffe8371c3548c18
 SHA512 (tilt-2.3.0.gem) = 78a3de34e3d096e40cb245807bad07cc3ebfa192986addbd228c25153166808b379f3ce086ff68fa5959997946187fe8923e84100653b2b109007390969875b3
 SHA512 (pcs-0.10.18.tar.gz) = 5cadb8158bd97e6f20fdf5fc492e85febf596e813b2e64a6dfb13da803ef3d2a3c1fe63d8e26d9b18279f23bfab9a8ff40fab10c9a87fa84b1da302648533ba0
-SHA512 (rexml-3.3.6.gem) = 0e7f34771f56519b4aa8770b05821a4620a54db1d8f6f547c925de5adf255b717911e197e364d1c270400f7996f583c769a835719b55af475979efdc05ca579b
 SHA512 (rack-2.2.16.gem) = 593ad143ac53cf8d7e46410999c210156b455af947e7139659167a99937da9a657c9cb564ef8413b7556ecc5a5c51865b1353608e2bade3f59999f734e72aff3
 SHA512 (tornado-6.1.0.pcs.2.tar.gz) = 85b7ff3cbfdff4cc4a9260f84c2c9704a32f5294f9dc61cd0a2fa779bde096a6925462658ef0558a833fab34e174abbb49108a37b7951f1ac9fd1c56b77312c0
+SHA512 (rexml-3.4.1.gem) = e5c104416c9f4695c124df90b39bda3ac8b39584b526fca9fbe57171ae25b13ee178a619fa1801934bd764d2c73f46316c14bc634e8efa8f7859c595ba055622