Summary: | <dev-lang/ruby-{2.2.7-r3, 2.3.4-r3}: SMTP command injection via CRLF sequences in RCPT TO or MAIL FROM commands in Net::SMTP | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | minor | CC: | ruby |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1461846 | | |
Whiteboard: | B3 [noglsa cve] | | |
Package list: | dev-lang/ruby-2.2.7-r3 | | |
Runtime testing required: | --- | | |
Bug Depends on: | | | |
Bug Blocks: | 605536 | | |
Description
Agostino Sarubbo
2017-06-16 07:49:52 UTC
We can't mark new slots of ruby stable without a lengthy process, so marking ruby:2.4 stable is not a short-term solution. We may consider backporting this to ruby:2.2 and ruby:2.3.

Fixed in: dev-lang/ruby-2.2.7-r3 dev-lang/ruby-2.3.4-r3

@Ruby, ready to stabilize?

An automated check of this bug failed - repoman reported dependency errors (12 lines truncated):
> dependency.bad dev-lang/ruby/ruby-2.2.7-r3.ebuild: DEPEND: sparc(default/linux/sparc/13.0) ['>=app-eselect/eselect-ruby-20141227']
> dependency.bad dev-lang/ruby/ruby-2.2.7-r3.ebuild: PDEPEND: sparc(default/linux/sparc/13.0) ['>=dev-ruby/minitest-5.4.3[ruby_targets_ruby22]', '>=dev-ruby/power_assert-0.2.2[ruby_targets_ruby22]', '>=dev-ruby/test-unit-3.0.8[ruby_targets_ruby22]', 'virtual/rubygems[ruby_targets_ruby22]', '>=dev-ruby/json-1.8.1[ruby_targets_ruby22]', '>=dev-ruby/rake-0.9.6[ruby_targets_ruby22]', '>=dev-ruby/rdoc-4.0.1[ruby_targets_ruby22]']
> dependency.bad dev-lang/ruby/ruby-2.2.7-r3.ebuild: RDEPEND: sparc(default/linux/sparc/13.0) ['>=app-eselect/eselect-ruby-20141227']

ia64 stable

An automated check of this bug failed - repoman reported dependency errors (12 lines truncated):
> dependency.bad dev-lang/ruby/ruby-2.2.7-r3.ebuild: DEPEND: sparc(default/linux/sparc/13.0) ['>=app-eselect/eselect-ruby-20141227']
> dependency.bad dev-lang/ruby/ruby-2.2.7-r3.ebuild: PDEPEND: sparc(default/linux/sparc/13.0) ['>=dev-ruby/minitest-5.4.3[ruby_targets_ruby22]', '>=dev-ruby/power_assert-0.2.2[ruby_targets_ruby22]', '>=dev-ruby/test-unit-3.0.8[ruby_targets_ruby22]', 'virtual/rubygems[ruby_targets_ruby22]', '>=dev-ruby/json-1.8.1[ruby_targets_ruby22]', '>=dev-ruby/rake-0.9.6[ruby_targets_ruby22]', '>=dev-ruby/rdoc-4.0.1[ruby_targets_ruby22]']
> dependency.bad dev-lang/ruby/ruby-2.2.7-r3.ebuild: RDEPEND: sparc(default/linux/sparc/13.0) ['>=app-eselect/eselect-ruby-20141227']

arm stable

An automated check of this bug failed - repoman reported dependency errors (151 lines truncated):
> dependency.bad dev-lang/ruby/ruby-2.2.7-r3.ebuild: DEPEND: sparc(default/linux/sparc/13.0) ['>=app-eselect/eselect-ruby-20141227']
> dependency.bad dev-lang/ruby/ruby-2.2.7-r3.ebuild: PDEPEND: sparc(default/linux/sparc/13.0) ['>=dev-ruby/minitest-5.4.3[ruby_targets_ruby22]', '>=dev-ruby/power_assert-0.2.2[ruby_targets_ruby22]', '>=dev-ruby/test-unit-3.0.8[ruby_targets_ruby22]', 'virtual/rubygems[ruby_targets_ruby22]', '>=dev-ruby/json-1.8.1[ruby_targets_ruby22]', '>=dev-ruby/rake-0.9.6[ruby_targets_ruby22]', '>=dev-ruby/rdoc-4.0.1[ruby_targets_ruby22]']
> dependency.bad dev-lang/ruby/ruby-2.2.7-r3.ebuild: RDEPEND: sparc(default/linux/sparc/13.0) ['>=app-eselect/eselect-ruby-20141227']

An automated check of this bug succeeded - the previous repoman errors are now resolved.

ppc/ppc64 stable

Stable on alpha.

commit 8993ae97bf0482fbaffed77b1f8b9fc6ba1e954d
Author: Sergei Trofimovich <slyfox@gentoo.org>
Date: Sat Sep 16 20:13:12 2017 +0100
dev-lang/ruby: stable 2.2.8 for hppa, bug #631034

Vulnerable versions have been removed.

GLSA Vote: No