Summary: | <dev-lang/ruby-2.2.7-r4: through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory (CVE-2017-14064) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | ruby |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugs.ruby-lang.org/issues/13853 | ||
Whiteboard: | A3 [glsa cve] | ||
Package list: | dev-lang/ruby-2.2.7-r4 dev-ruby/json-1.8.6-r1 |
Runtime testing required: | --- |
Bug Depends on: | 631034 | ||
Bug Blocks: |
Description
D'juan McDonald (domhnall)
2017-08-31 19:17:22 UTC
This also affects dev-ruby/json. This is fixed in dev-ruby/json-2.1.0 and I have just backported this to dev-ruby/json-1.8.6-r1.

Fixed dev-lang/ruby revisions:

dev-lang/ruby-2.2.7-r4
dev-lang/ruby-2.3.4-r4
dev-lang/ruby-2.4.1-r4

An automated check of this bug failed - the following atom is unknown: dev-lang/ruby-2.2.7-r4
Please verify the atom list.

(In reply to Hans de Graaff from comment #2)
> Fixed dev-lang/ruby revisions:
>
> dev-lang/ruby-2.2.7-r4
> dev-lang/ruby-2.3.4-r4
> dev-lang/ruby-2.4.1-r4

Hans, git push?

(In reply to Aaron Bauman from comment #4)
> Hans, git push?

Yes :-/

ia64 stable

Stable on alpha.

arm stable

ppc64 stable

amd64 tested, ok

(In reply to Christopher Díaz from comment #10)
> amd64 tested, ok

amd64 stable

This security bug is superseded by bug 631034
Please complete stabilization of =dev-ruby/json-1.8.6-r1 here, and please go to Depends bug for the Ruby!

hppa stable

ppc stable

Last arch is done here.

@x86 please test and mark stable dev-ruby/json-1.8.6-r1

This issue was resolved and addressed in GLSA 201710-18 at https://security.gentoo.org/glsa/201710-18 by GLSA coordinator Aaron Bauman (b-man).