ELBA-2025-38279

ELBA-2025-38279 - yarnpkg Bug Fix update

Type:	BUG
Impact:	NA
Release Date:	2025-08-09

Description

[1.22.22-11]
- Refresh bundle
- Drop patches obsoleted by new bundle
- Add yarn-update-jest.prebundle.patch to update jest and avoid some vulerable dependencies
- Apply fixes for CVE-2025-8262 and CVE-2025-8263

[1.22.22-10]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild

[1.22.22-9]
- Add CVE-2025-6545_6547.prebundle.patch and regenerate bundle. Fixes CVE-2025-6545 and CVE-2025-6547.

[1.22.22-8]
- Refresh bundle tarball for CVE-2025-48387

[1.22.22-7]
- Fix CVE-2024-12905

[1.22.22-6]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild

[1.22.22-5]
- Update bundled ws (CVE-2024-37890)

[1.22.22-4]
- Update bundled elliptic (CVE-2024-48949)

[1.22.22-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild

[1.22.22-2]
- Backport patch for CVE-2024-4067

[1.22.22-1]
- Update to 1.22.22

[1.22.21-2]
- Backport patches for CVE-2022-37599, CVE-2023-26136, CVE-2023-46234

[1.22.21-1]
- Update to 1.22.21

[1.22.19-8]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 9 (aarch64)	yarnpkg-1.22.22-11.el9.src.rpm	cfcbcb033c1cda2d1c59af836499e82209713ab5227eda347797180e8fdebf25	-	ol9_aarch64_developer_EPEL
	yarnpkg-1.22.22-11.el9.aarch64.rpm	0deffb3373121dabb1e907dae9959c9ab76422935f879f143279315b2877c6cf	-	ol9_aarch64_developer_EPEL
Oracle Linux 9 (x86_64)	yarnpkg-1.22.22-11.el9.src.rpm	cfcbcb033c1cda2d1c59af836499e82209713ab5227eda347797180e8fdebf25	-	ol9_x86_64_developer_EPEL
	yarnpkg-1.22.22-11.el9.x86_64.rpm	d167c78accdfdb15af3857c3db411bd5f37a55783b64aab37f6b248e2b1b4fec	-	ol9_x86_64_developer_EPEL

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team