FreeBSD Bugzilla – Attachment 191916 Details for
Bug 227053
security/vuxml: Document multiple vulnerabilities in Ruby
[patch]
patch file
security_vuxml.patch (text/plain), 3.58 KB, created by
Yasuhiro Kimura
on 2018-03-28 21:51:47 UTC
>Index: vuln.xml >=================================================================== >--- vuln.xml (revision 465848) >+++ vuln.xml (working copy) 
>@@ -58,6 +58,62 @@ > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="b20d5f5e-32c2-11e8-a869-9c5c8e75236a"> >+ <topic>ruby -- multiple vulnerabilities</topic> >+ <affects> >+ <package> >+ <name>ruby</name> >+ <range><ge>2.3.0,1</ge><lt>2.3.7,1</lt></range> >+ <range><ge>2.4.0,1</ge><lt>2.4.4,1</lt></range> >+ <range><ge>2.5.0,1</ge><lt>2.5.1,1</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>ooooooo_q reports:</p> >+ <blockquote cite="https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/"> >+ <p>There is an unintentional directory creation vulnerability in tmpdir library bundled with Ruby. And there is also an unintentional file creation vulnerability in tempfile library bundled with Ruby, because it uses tmpdir internally.</p> >+ </blockquote> >+ <blockquote cite="https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/"> >+ <p>There is a unintentional socket creation vulnerability in UNIXServer.open method of socket library bundled with Ruby. 
And there is also a unintentional socket access vulnerability in UNIXSocket.open method.</p> >+ </blockquote> >+ <blockquote cite="https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/"> >+ <p>There is an unintentional directory traversal in some methods in Dir.</p> >+ </blockquote> >+ <p>Eric Wong reports:</p> >+ <blockquote cite="https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/"> >+ <p>There is a out-of-memory DoS vulnerability with a large request in WEBrick bundled with Ruby.</p> >+ </blockquote> >+ <p>Aaron Patterson reports:</p> >+ <blockquote cite="https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/"> >+ <p>There is an HTTP response splitting vulnerability in WEBrick bundled with Ruby.</p> >+ </blockquote> >+ <p>aerodudrizzt reports:</p> >+ <blockquote cite="https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/"> >+ <p>There is a buffer under-read vulnerability in String#unpack method.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <url>https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/</url> >+ <url>https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/</url> >+ <url>https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/</url> >+ <url>https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/</url> >+ <url>https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/</url> >+ <url>https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/</url> >+ <cvename>CVE-2018-6914</cvename> >+ <cvename>CVE-2018-8779</cvename> >+ <cvename>CVE-2018-8780</cvename> >+ <cvename>CVE-2018-8777</cvename> >+ <cvename>CVE-2017-17742</cvename> >+ <cvename>CVE-2018-8778</cvename> >+ 
</references> >+ <dates> >+ <discovery>2018-03-28</discovery> >+ <entry>2018-03-28</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="1ce95bc7-3278-11e8-b527-00012e582166"> > <topic>webkit2-gtk3 -- multiple vulnerabilities</topic> > <affects>
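Review bot: in the `<affects>` block every `<range>` carries a lower bound, the lowest being `<ge>2.3.0,1</ge>`, so a `ruby` package older than 2.3.0,1 will never match this entry. If the cited ruby-lang.org advisories list older branches as affected, add a range covering them; if they are left out on purpose, say so in the bug. The context comment just above the hunk reminds about port variants, so it is also worth confirming that `<name>ruby</name>` is the only package name that ships these bundled libraries. Finally, the entry folds six CVEs into one `vid` with identical ranges, which is correct only if each of the six is fixed in exactly 2.3.7, 2.4.4 and 2.5.1; please check each advisory's fixed versions against these bounds.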