| Summary: | <dev-lang/ruby{1.9.3_p551-r1,2.0.0_p645}: OpenSSL extension hostname matching implementation violates RFC 6125 (CVE-2015-1855) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | ruby |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1209981 | | |
| Whiteboard: | B3 [noglsa cve] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2015-04-09 09:57:46 UTC
The ruby team will wait for new upstream releases for this.

ruby-2.0.0_p645, ruby-2.1.6, and ruby-2.2.2 are now in the gentoo tree. These are the upstream releases where this bug is fixed. The openssl patch has also been backported to ruby-1.9.3_p551-r1.

Since ruby 1.9 and ruby 2.0 only contain this security fix we can move to stabilization right away:

=dev-lang/ruby-1.9.3_p551-r1
=dev-lang/ruby-2.0.0_p645

amd64 stable

x86 stable

Stable for HPPA.

Stable for PPC64.

ppc stable

alpha stable

ia64 stable

sparc stable

arm stable. Maintainer(s), please cleanup. Security, please vote.

Vulnerable versions have been removed.

Arches and Maintainer(s), Thank you for your work. GLSA Vote: No

NO too, closing.