add CVE-2024-21538,cross-spawn,7.0.5,RHIDP-4864 to fixed payload

Signed-off-by: Nick Boldt <[email protected]>

Author: nickboldt

assemblies/assembly-release-notes-fixed-security-issues.adoc

@@ -6,6 +6,8 @@ This section lists security issues fixed in {product} {product-version}.
 
 == {product} {product-bundle-version}
 
+include::./modules/release-notes/snip-fixed-security-issues-in-product-1.3.2.adoc[leveloffset=+2]
+
 include::./modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.2.adoc[leveloffset=+2]
 
 == {product} 1.3.1

modules/release-notes/list-fixed-security-issues-in-product-1.3.2.txt

@@ -1,8 +1,2 @@
 # CVE number, affected package, fixed in version(s), JIRA
-# none yet
-
-# not yet fixed, built, or ready for release
-# NOTE: CVE is empty at the usual RH location so must manually edit generated .adoc file
-# to link to https://nvd.nist.gov/vuln/detail/CVE-2024-21538
-# once this is actually fixed in 1.3.z
-# CVE-2024-21538,cross-spawn,7.0.5,RHIDP-4864
+CVE-2024-21538,cross-spawn,7.0.5,RHIDP-4864

modules/release-notes/snip-fixed-security-issues-in-product-1.3.2.adoc

@@ -0,0 +1,4 @@
+= {product} dependency updates
+
+link:https://access.redhat.com/security/cve/CVE-2024-21538[CVE-2024-21538]::
+A Regular Expression Denial of Service (ReDoS) vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string.