View | Details | Raw Unified | Return to bug 227053

(-)vuln.xml (+56 lines)
Lines 58-63 Link Here
58
  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
58
  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
59
-->
59
-->
60
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
60
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
61
  <vuln vid="b20d5f5e-32c2-11e8-a869-9c5c8e75236a">
62
    <topic>ruby -- multiple vulnerabilities</topic>
63
    <affects>
64
      <package>
65
	<name>ruby</name>
66
	<range><ge>2.3.0,1</ge><lt>2.3.7,1</lt></range>
67
	<range><ge>2.4.0,1</ge><lt>2.4.4,1</lt></range>
68
	<range><ge>2.5.0,1</ge><lt>2.5.1,1</lt></range>
69
      </package>
70
    </affects>
71
    <description>
72
      <body xmlns="http://www.w3.org/1999/xhtml">
73
	<p>ooooooo_q reports:</p>
74
	<blockquote cite="https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/">
75
	  <p>There is an unintentional directory creation vulnerability in tmpdir library bundled with Ruby. And there is also an unintentional file creation vulnerability in tempfile library bundled with Ruby, because it uses tmpdir internally.</p>
76
	</blockquote>
77
	<blockquote cite="https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/">
78
	  <p>There is a unintentional socket creation vulnerability in UNIXServer.open method of socket library bundled with Ruby. And there is also a unintentional socket access vulnerability in UNIXSocket.open method.</p>
79
	</blockquote>
80
	<blockquote cite="https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/">
81
	  <p>There is an unintentional directory traversal in some methods in Dir.</p>
82
	</blockquote>
83
	<p>Eric Wong reports:</p>
84
	<blockquote cite="https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/">
85
	  <p>There is a out-of-memory DoS vulnerability with a large request in WEBrick bundled with Ruby.</p>
86
	</blockquote>
87
	<p>Aaron Patterson reports:</p>
88
	<blockquote cite="https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/">
89
	  <p>There is an HTTP response splitting vulnerability in WEBrick bundled with Ruby.</p>
90
	</blockquote>
91
	<p>aerodudrizzt reports:</p>
92
	<blockquote cite="https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/">
93
	  <p>There is a buffer under-read vulnerability in String#unpack method.</p>
94
	</blockquote>
95
      </body>
96
    </description>
97
    <references>
98
      <url>https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/</url>
99
      <url>https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/</url>
100
      <url>https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/</url>
101
      <url>https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/</url>
102
      <url>https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/</url>
103
      <url>https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/</url>
104
      <cvename>CVE-2018-6914</cvename>
105
      <cvename>CVE-2018-8779</cvename>
106
      <cvename>CVE-2018-8780</cvename>
107
      <cvename>CVE-2018-8777</cvename>
108
      <cvename>CVE-2017-17742</cvename>
109
      <cvename>CVE-2018-8778</cvename>
110
    </references>
111
    <dates>
112
      <discovery>2018-03-28</discovery>
113
      <entry>2018-03-28</entry>
114
    </dates>
115
  </vuln>
116
61
  <vuln vid="1ce95bc7-3278-11e8-b527-00012e582166">
117
  <vuln vid="1ce95bc7-3278-11e8-b527-00012e582166">
62
    <topic>webkit2-gtk3 -- multiple vulnerabilities</topic>
118
    <topic>webkit2-gtk3 -- multiple vulnerabilities</topic>
63
    <affects>
119
    <affects>
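Review bot: the `<range>` elements in this hunk cover only the 2.3, 2.4 and 2.5 series (`<ge>2.3.0,1</ge><lt>2.3.7,1</lt>`, `<ge>2.4.0,1</ge><lt>2.4.4,1</lt>`, `<ge>2.5.0,1</ge><lt>2.5.1,1</lt>`); if an older `ruby` port (2.2.x) is still in the tree, please confirm whether it is affected by the same six advisories and, if so, add a matching `<range>` for it, otherwise users of that port will not get a `pkg audit` hit. Minor: the six `<url>` and `<cvename>` entries are listed in the same order, which is good, but the `<discovery>` date equals the `<entry>` date (2018-03-28, the upstream publication date); that is acceptable when no earlier discovery date is public, just noting it was intentional.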
