Summary: | <dev-lang/{ruby-1.8.7_p302, ruby-enterprise-1.8.7.2010.02-r1}; <dev-lang/jruby-1.5.2: WEBrick XSS (CVE-2010-0541) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | ruby |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.ruby-lang.org/en/news/2010/08/16/xss-in-webrick-cve-2010-0541/ | ||
Whiteboard: | A4 [noglsa] | ||
Package list: | | Runtime testing required: | --- |
Description
Alex Legler (RETIRED)
2010-08-16 08:20:47 UTC
1.8.6 → backport
1.8.7 → update to _p302
1.9.2_rc2 → backport (~arch + p.masked)

Arches, please test and mark stable:
=dev-lang/ruby-1.8.7_p302
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

Stable for HPPA PPC.

amd64 done

x86 stable

dev-lang/jruby is also affected; I've added the 1.5.2 version to the tree, which solves it, and should be ready to go stable for x86/amd64. The problem is with ppc that still got an ancient jruby version that is not even compatible with the ruby-ng system... I guess they might want to remove the 1.3.1-r1 ebuild entirely for now.

x86 stable

amd64 done

arm stable

alpha/ia64/s390/sh/sparc stable

Fixed in dev-lang/ruby-enterprise-1.8.7.2010.02-r1 (~arch only).

ppc64 done

PPC was done by jer, too. Removing from CC.

GLSA vote: NO

No, too. Closing noglsa.