Summary: | <dev-ruby/yajl-ruby-1.3.1: crafted JSON file causes ruby process crashes with a SIGABRT | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Aleksandr Wagner (Kivak) <alwag> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | ruby |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/brianmario/yajl-ruby/issues/176 | ||
Whiteboard: | C3 [noglsa cve] | ||
Package list: | dev-ruby/yajl-ruby-1.3.1 | ||
Runtime testing required: | --- |
Description
Aleksandr Wagner (Kivak)
2017-11-03 23:57:56 UTC
We will wait for an upstream fix.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e5171d48f94f79e2a8c7eecd21a5917416eb9d9a

commit e5171d48f94f79e2a8c7eecd21a5917416eb9d9a
Author: Hans de Graaff <graaff@gentoo.org>
AuthorDate: 2017-11-08 06:36:26 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2017-11-08 06:36:43 +0000

dev-ruby/yajl-ruby: add 1.3.1, fixing bug 636474

Bug: https://bugs.gentoo.org/636474
Package-Manager: Portage-2.3.8, Repoman-2.3.3

dev-ruby/yajl-ruby/Manifest | 1 +
dev-ruby/yajl-ruby/yajl-ruby-1.3.1.ebuild | 45 +++++++++++++++++++++++++++++++
2 files changed, 46 insertions(+)

Please test and mark 1.3.1 stable.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2cf203c0967df5bfc083532dc953d543b74e840a

commit 2cf203c0967df5bfc083532dc953d543b74e840a
Author: Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-04-06 14:25:58 +0000
Commit: Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-04-06 14:26:20 +0000

dev-ruby/yajl-ruby: amd64 stable

Bug: https://bugs.gentoo.org/636474
Package-Manager: Portage-2.3.28, Repoman-2.3.9

dev-ruby/yajl-ruby/yajl-ruby-1.3.1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Stable on alpha.

ia64 stable

x86 stable

arm stable

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=739f624bb8ef4251299f831e7e3eacd3ef7baa92

commit 739f624bb8ef4251299f831e7e3eacd3ef7baa92
Author: Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-06-24 19:46:56 +0000
Commit: Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-24 20:20:19 +0000

dev-ruby/yajl-ruby: stable 1.3.1 for ppc64, bug #636474

Bug: https://bugs.gentoo.org/636474
Package-Manager: Portage-2.3.40, Repoman-2.3.9
RepoMan-Options: --include-arches="ppc64"

dev-ruby/yajl-ruby/yajl-ruby-1.3.1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

ppc stable

Sparc done.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b03eebfb5f8b07b94873d1ca9a7bdc4f19439e41

commit b03eebfb5f8b07b94873d1ca9a7bdc4f19439e41
Author: Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-07-13 14:41:32 +0000
Commit: Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-07-13 18:46:06 +0000

dev-ruby/yajl-ruby: stable 1.3.1 for sparc

Bug: https://bugs.gentoo.org/636474
Package-Manager: Portage-2.3.40, Repoman-2.3.9
RepoMan-Options: --include-arches="sparc"

dev-ruby/yajl-ruby/yajl-ruby-1.3.1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Cleanup done.

Thank you. Waiting to see if this is good for a glsa.

Michael Boyle
Gentoo Security Padawan

GLSA Vote: No

Thank you all for your work. Closing as [noglsa]