Summary: | <dev-java/jruby-1.7.1: Hash collision DoS (CVE-2012-5370) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | java, ruby |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 442230 | ||
Bug Blocks: |
Description
GLSAMaker/CVETool Bot
2012-11-28 23:03:15 UTC
As far as I can tell this is fixed in jruby 1.7.1, but we are still providing 1.6.x. jruby 1.6 is now masked for removal. (In reply to Hans de Graaff from comment #2) > jruby 1.6 is now masked for removal. Thank you jruby 1.6.x was removed some time ago. Per previous comments the vulnerable version was removed. Following links verify that: http://jruby.org/2012/12/03/jruby-1-7-1 https://bugzilla.redhat.com/show_bug.cgi?id=880671 |