Summary: | <dev-lang/ruby-{2.2.10,2.3.7}: Multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hans de Graaff <graaff> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | ruby |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.ruby-lang.org/en/news/2018/03/ | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
dev-lang/ruby-2.2.10
dev-lang/ruby-2.3.7
|
Runtime testing required: | --- |
Bug Depends on: | 639476 | ||
Bug Blocks: |
Description
Hans de Graaff
2018-03-29 06:23:59 UTC
Fixed versions are now available. Please test and mark stable. An automated check of this bug failed - repoman reported dependency errors (4 lines truncated):
> dependency.bad dev-lang/ruby/ruby-2.3.7.ebuild: PDEPEND: alpha(default/linux/alpha/13.0) ['>=dev-ruby/did_you_mean-1.0.0:1[ruby_targets_ruby23]', '>=dev-ruby/minitest-5.8.3[ruby_targets_ruby23]', '>=dev-ruby/net-telnet-0.1.1[ruby_targets_ruby23]', '>=dev-ruby/power_assert-0.2.6[ruby_targets_ruby23]', '>=dev-ruby/rake-10.4.2[ruby_targets_ruby23]', '>=dev-ruby/test-unit-3.1.5[ruby_targets_ruby23]', 'virtual/rubygems[ruby_targets_ruby23]', '>=dev-ruby/json-1.8.3[ruby_targets_ruby23]', '>=dev-ruby/rdoc-4.2.1[ruby_targets_ruby23]']
> dependency.bad dev-lang/ruby/ruby-2.3.7.ebuild: PDEPEND: alpha(default/linux/alpha/13.0/desktop) ['>=dev-ruby/did_you_mean-1.0.0:1[ruby_targets_ruby23]', '>=dev-ruby/minitest-5.8.3[ruby_targets_ruby23]', '>=dev-ruby/net-telnet-0.1.1[ruby_targets_ruby23]', '>=dev-ruby/power_assert-0.2.6[ruby_targets_ruby23]', '>=dev-ruby/rake-10.4.2[ruby_targets_ruby23]', '>=dev-ruby/test-unit-3.1.5[ruby_targets_ruby23]', 'virtual/rubygems[ruby_targets_ruby23]', '>=dev-ruby/json-1.8.3[ruby_targets_ruby23]', '>=dev-ruby/rdoc-4.2.1[ruby_targets_ruby23]']
> dependency.bad dev-lang/ruby/ruby-2.3.7.ebuild: PDEPEND: alpha(default/linux/alpha/13.0/desktop/gnome) ['>=dev-ruby/did_you_mean-1.0.0:1[ruby_targets_ruby23]', '>=dev-ruby/minitest-5.8.3[ruby_targets_ruby23]', '>=dev-ruby/net-telnet-0.1.1[ruby_targets_ruby23]', '>=dev-ruby/power_assert-0.2.6[ruby_targets_ruby23]', '>=dev-ruby/rake-10.4.2[ruby_targets_ruby23]', '>=dev-ruby/test-unit-3.1.5[ruby_targets_ruby23]', 'virtual/rubygems[ruby_targets_ruby23]', '>=dev-ruby/json-1.8.3[ruby_targets_ruby23]', '>=dev-ruby/rdoc-4.2.1[ruby_targets_ruby23]']
> dependency.bad dev-lang/ruby/ruby-2.3.7.ebuild: PDEPEND: alpha(default/linux/alpha/13.0) ['>=dev-ruby/did_you_mean-1.0.0:1[ruby_targets_ruby23]', '>=dev-ruby/minitest-5.8.3[ruby_targets_ruby23]', '>=dev-ruby/net-telnet-0.1.1[ruby_targets_ruby23]', '>=dev-ruby/power_assert-0.2.6[ruby_targets_ruby23]', '>=dev-ruby/rake-10.4.2[ruby_targets_ruby23]', '>=dev-ruby/test-unit-3.1.5[ruby_targets_ruby23]', 'virtual/rubygems[ruby_targets_ruby23]', '>=dev-ruby/json-1.8.3[ruby_targets_ruby23]', '>=dev-ruby/rdoc-4.2.1[ruby_targets_ruby23]']
> dependency.bad dev-lang/ruby/ruby-2.3.7.ebuild: PDEPEND: alpha(default/linux/alpha/13.0/desktop) ['>=dev-ruby/did_you_mean-1.0.0:1[ruby_targets_ruby23]', '>=dev-ruby/minitest-5.8.3[ruby_targets_ruby23]', '>=dev-ruby/net-telnet-0.1.1[ruby_targets_ruby23]', '>=dev-ruby/power_assert-0.2.6[ruby_targets_ruby23]', '>=dev-ruby/rake-10.4.2[ruby_targets_ruby23]', '>=dev-ruby/test-unit-3.1.5[ruby_targets_ruby23]', 'virtual/rubygems[ruby_targets_ruby23]', '>=dev-ruby/json-1.8.3[ruby_targets_ruby23]', '>=dev-ruby/rdoc-4.2.1[ruby_targets_ruby23]']
> dependency.bad dev-lang/ruby/ruby-2.3.7.ebuild: PDEPEND: alpha(default/linux/alpha/13.0/desktop/gnome) ['>=dev-ruby/did_you_mean-1.0.0:1[ruby_targets_ruby23]', '>=dev-ruby/minitest-5.8.3[ruby_targets_ruby23]', '>=dev-ruby/net-telnet-0.1.1[ruby_targets_ruby23]', '>=dev-ruby/power_assert-0.2.6[ruby_targets_ruby23]', '>=dev-ruby/rake-10.4.2[ruby_targets_ruby23]', '>=dev-ruby/test-unit-3.1.5[ruby_targets_ruby23]', 'virtual/rubygems[ruby_targets_ruby23]', '>=dev-ruby/json-1.8.3[ruby_targets_ruby23]', '>=dev-ruby/rdoc-4.2.1[ruby_targets_ruby23]']
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=66f2619ef760bdb938c109f07de6fbe009e75b7d commit 66f2619ef760bdb938c109f07de6fbe009e75b7d Author: Rolf Eike Beer <eike@sf-mail.de> AuthorDate: 2018-04-03 20:24:51 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-04-03 21:07:21 +0000 dev-lang/ruby: stable 2.3.7 for sparc Bug: https://bugs.gentoo.org/651884 Package-Manager: Portage-2.3.24, Repoman-2.3.6 RepoMan-Options: --include-arches="sparc" dev-lang/ruby/ruby-2.3.7.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=370e4e1b0707bfaeb281245890620afcb516b19e commit 370e4e1b0707bfaeb281245890620afcb516b19e Author: Rolf Eike Beer <eike@sf-mail.de> AuthorDate: 2018-04-03 20:23:18 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-04-03 21:07:21 +0000 dev-lang/ruby: stable 2.2.10 for sparc Bug: https://bugs.gentoo.org/651884 Package-Manager: Portage-2.3.24, Repoman-2.3.6 RepoMan-Options: --include-arches="sparc" dev-lang/ruby/ruby-2.2.10.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)} x86 stable An automated check of this bug failed - repoman reported dependency errors (4 lines truncated):
> dependency.bad dev-lang/ruby/ruby-2.3.7.ebuild: PDEPEND: alpha(default/linux/alpha/13.0) ['>=dev-ruby/did_you_mean-1.0.0:1[ruby_targets_ruby23]', '>=dev-ruby/minitest-5.8.3[ruby_targets_ruby23]', '>=dev-ruby/net-telnet-0.1.1[ruby_targets_ruby23]', '>=dev-ruby/power_assert-0.2.6[ruby_targets_ruby23]', '>=dev-ruby/rake-10.4.2[ruby_targets_ruby23]', '>=dev-ruby/test-unit-3.1.5[ruby_targets_ruby23]', 'virtual/rubygems[ruby_targets_ruby23]', '>=dev-ruby/json-1.8.3[ruby_targets_ruby23]', '>=dev-ruby/rdoc-4.2.1[ruby_targets_ruby23]']
> dependency.bad dev-lang/ruby/ruby-2.3.7.ebuild: PDEPEND: alpha(default/linux/alpha/13.0/desktop) ['>=dev-ruby/did_you_mean-1.0.0:1[ruby_targets_ruby23]', '>=dev-ruby/minitest-5.8.3[ruby_targets_ruby23]', '>=dev-ruby/net-telnet-0.1.1[ruby_targets_ruby23]', '>=dev-ruby/power_assert-0.2.6[ruby_targets_ruby23]', '>=dev-ruby/rake-10.4.2[ruby_targets_ruby23]', '>=dev-ruby/test-unit-3.1.5[ruby_targets_ruby23]', 'virtual/rubygems[ruby_targets_ruby23]', '>=dev-ruby/json-1.8.3[ruby_targets_ruby23]', '>=dev-ruby/rdoc-4.2.1[ruby_targets_ruby23]']
> dependency.bad dev-lang/ruby/ruby-2.3.7.ebuild: PDEPEND: alpha(default/linux/alpha/13.0/desktop/gnome) ['>=dev-ruby/did_you_mean-1.0.0:1[ruby_targets_ruby23]', '>=dev-ruby/minitest-5.8.3[ruby_targets_ruby23]', '>=dev-ruby/net-telnet-0.1.1[ruby_targets_ruby23]', '>=dev-ruby/power_assert-0.2.6[ruby_targets_ruby23]', '>=dev-ruby/rake-10.4.2[ruby_targets_ruby23]', '>=dev-ruby/test-unit-3.1.5[ruby_targets_ruby23]', 'virtual/rubygems[ruby_targets_ruby23]', '>=dev-ruby/json-1.8.3[ruby_targets_ruby23]', '>=dev-ruby/rdoc-4.2.1[ruby_targets_ruby23]']
> dependency.bad dev-lang/ruby/ruby-2.3.7.ebuild: PDEPEND: alpha(default/linux/alpha/13.0) ['>=dev-ruby/did_you_mean-1.0.0:1[ruby_targets_ruby23]', '>=dev-ruby/minitest-5.8.3[ruby_targets_ruby23]', '>=dev-ruby/net-telnet-0.1.1[ruby_targets_ruby23]', '>=dev-ruby/power_assert-0.2.6[ruby_targets_ruby23]', '>=dev-ruby/rake-10.4.2[ruby_targets_ruby23]', '>=dev-ruby/test-unit-3.1.5[ruby_targets_ruby23]', 'virtual/rubygems[ruby_targets_ruby23]', '>=dev-ruby/json-1.8.3[ruby_targets_ruby23]', '>=dev-ruby/rdoc-4.2.1[ruby_targets_ruby23]']
> dependency.bad dev-lang/ruby/ruby-2.3.7.ebuild: PDEPEND: alpha(default/linux/alpha/13.0/desktop) ['>=dev-ruby/did_you_mean-1.0.0:1[ruby_targets_ruby23]', '>=dev-ruby/minitest-5.8.3[ruby_targets_ruby23]', '>=dev-ruby/net-telnet-0.1.1[ruby_targets_ruby23]', '>=dev-ruby/power_assert-0.2.6[ruby_targets_ruby23]', '>=dev-ruby/rake-10.4.2[ruby_targets_ruby23]', '>=dev-ruby/test-unit-3.1.5[ruby_targets_ruby23]', 'virtual/rubygems[ruby_targets_ruby23]', '>=dev-ruby/json-1.8.3[ruby_targets_ruby23]', '>=dev-ruby/rdoc-4.2.1[ruby_targets_ruby23]']
> dependency.bad dev-lang/ruby/ruby-2.3.7.ebuild: PDEPEND: alpha(default/linux/alpha/13.0/desktop/gnome) ['>=dev-ruby/did_you_mean-1.0.0:1[ruby_targets_ruby23]', '>=dev-ruby/minitest-5.8.3[ruby_targets_ruby23]', '>=dev-ruby/net-telnet-0.1.1[ruby_targets_ruby23]', '>=dev-ruby/power_assert-0.2.6[ruby_targets_ruby23]', '>=dev-ruby/rake-10.4.2[ruby_targets_ruby23]', '>=dev-ruby/test-unit-3.1.5[ruby_targets_ruby23]', 'virtual/rubygems[ruby_targets_ruby23]', '>=dev-ruby/json-1.8.3[ruby_targets_ruby23]', '>=dev-ruby/rdoc-4.2.1[ruby_targets_ruby23]']
amd64 stable An automated check of this bug failed - repoman reported dependency errors (4 lines truncated):
> dependency.bad dev-lang/ruby/ruby-2.3.7.ebuild: PDEPEND: alpha(default/linux/alpha/13.0) ['>=dev-ruby/did_you_mean-1.0.0:1[ruby_targets_ruby23]', '>=dev-ruby/minitest-5.8.3[ruby_targets_ruby23]', '>=dev-ruby/net-telnet-0.1.1[ruby_targets_ruby23]', '>=dev-ruby/power_assert-0.2.6[ruby_targets_ruby23]', '>=dev-ruby/rake-10.4.2[ruby_targets_ruby23]', '>=dev-ruby/test-unit-3.1.5[ruby_targets_ruby23]', 'virtual/rubygems[ruby_targets_ruby23]', '>=dev-ruby/json-1.8.3[ruby_targets_ruby23]', '>=dev-ruby/rdoc-4.2.1[ruby_targets_ruby23]']
> dependency.bad dev-lang/ruby/ruby-2.3.7.ebuild: PDEPEND: alpha(default/linux/alpha/13.0/desktop) ['>=dev-ruby/did_you_mean-1.0.0:1[ruby_targets_ruby23]', '>=dev-ruby/minitest-5.8.3[ruby_targets_ruby23]', '>=dev-ruby/net-telnet-0.1.1[ruby_targets_ruby23]', '>=dev-ruby/power_assert-0.2.6[ruby_targets_ruby23]', '>=dev-ruby/rake-10.4.2[ruby_targets_ruby23]', '>=dev-ruby/test-unit-3.1.5[ruby_targets_ruby23]', 'virtual/rubygems[ruby_targets_ruby23]', '>=dev-ruby/json-1.8.3[ruby_targets_ruby23]', '>=dev-ruby/rdoc-4.2.1[ruby_targets_ruby23]']
> dependency.bad dev-lang/ruby/ruby-2.3.7.ebuild: PDEPEND: alpha(default/linux/alpha/13.0/desktop/gnome) ['>=dev-ruby/did_you_mean-1.0.0:1[ruby_targets_ruby23]', '>=dev-ruby/minitest-5.8.3[ruby_targets_ruby23]', '>=dev-ruby/net-telnet-0.1.1[ruby_targets_ruby23]', '>=dev-ruby/power_assert-0.2.6[ruby_targets_ruby23]', '>=dev-ruby/rake-10.4.2[ruby_targets_ruby23]', '>=dev-ruby/test-unit-3.1.5[ruby_targets_ruby23]', 'virtual/rubygems[ruby_targets_ruby23]', '>=dev-ruby/json-1.8.3[ruby_targets_ruby23]', '>=dev-ruby/rdoc-4.2.1[ruby_targets_ruby23]']
> dependency.bad dev-lang/ruby/ruby-2.3.7.ebuild: PDEPEND: alpha(default/linux/alpha/13.0) ['>=dev-ruby/did_you_mean-1.0.0:1[ruby_targets_ruby23]', '>=dev-ruby/minitest-5.8.3[ruby_targets_ruby23]', '>=dev-ruby/net-telnet-0.1.1[ruby_targets_ruby23]', '>=dev-ruby/power_assert-0.2.6[ruby_targets_ruby23]', '>=dev-ruby/rake-10.4.2[ruby_targets_ruby23]', '>=dev-ruby/test-unit-3.1.5[ruby_targets_ruby23]', 'virtual/rubygems[ruby_targets_ruby23]', '>=dev-ruby/json-1.8.3[ruby_targets_ruby23]', '>=dev-ruby/rdoc-4.2.1[ruby_targets_ruby23]']
> dependency.bad dev-lang/ruby/ruby-2.3.7.ebuild: PDEPEND: alpha(default/linux/alpha/13.0/desktop) ['>=dev-ruby/did_you_mean-1.0.0:1[ruby_targets_ruby23]', '>=dev-ruby/minitest-5.8.3[ruby_targets_ruby23]', '>=dev-ruby/net-telnet-0.1.1[ruby_targets_ruby23]', '>=dev-ruby/power_assert-0.2.6[ruby_targets_ruby23]', '>=dev-ruby/rake-10.4.2[ruby_targets_ruby23]', '>=dev-ruby/test-unit-3.1.5[ruby_targets_ruby23]', 'virtual/rubygems[ruby_targets_ruby23]', '>=dev-ruby/json-1.8.3[ruby_targets_ruby23]', '>=dev-ruby/rdoc-4.2.1[ruby_targets_ruby23]']
> dependency.bad dev-lang/ruby/ruby-2.3.7.ebuild: PDEPEND: alpha(default/linux/alpha/13.0/desktop/gnome) ['>=dev-ruby/did_you_mean-1.0.0:1[ruby_targets_ruby23]', '>=dev-ruby/minitest-5.8.3[ruby_targets_ruby23]', '>=dev-ruby/net-telnet-0.1.1[ruby_targets_ruby23]', '>=dev-ruby/power_assert-0.2.6[ruby_targets_ruby23]', '>=dev-ruby/rake-10.4.2[ruby_targets_ruby23]', '>=dev-ruby/test-unit-3.1.5[ruby_targets_ruby23]', 'virtual/rubygems[ruby_targets_ruby23]', '>=dev-ruby/json-1.8.3[ruby_targets_ruby23]', '>=dev-ruby/rdoc-4.2.1[ruby_targets_ruby23]']
ia64 stable An automated check of this bug failed - repoman reported dependency errors (4 lines truncated):
> dependency.bad dev-lang/ruby/ruby-2.3.7.ebuild: PDEPEND: alpha(default/linux/alpha/13.0) ['>=dev-ruby/did_you_mean-1.0.0:1[ruby_targets_ruby23]', '>=dev-ruby/minitest-5.8.3[ruby_targets_ruby23]', '>=dev-ruby/net-telnet-0.1.1[ruby_targets_ruby23]', '>=dev-ruby/power_assert-0.2.6[ruby_targets_ruby23]', '>=dev-ruby/rake-10.4.2[ruby_targets_ruby23]', '>=dev-ruby/test-unit-3.1.5[ruby_targets_ruby23]', 'virtual/rubygems[ruby_targets_ruby23]', '>=dev-ruby/json-1.8.3[ruby_targets_ruby23]', '>=dev-ruby/rdoc-4.2.1[ruby_targets_ruby23]']
> dependency.bad dev-lang/ruby/ruby-2.3.7.ebuild: PDEPEND: alpha(default/linux/alpha/13.0/desktop) ['>=dev-ruby/did_you_mean-1.0.0:1[ruby_targets_ruby23]', '>=dev-ruby/minitest-5.8.3[ruby_targets_ruby23]', '>=dev-ruby/net-telnet-0.1.1[ruby_targets_ruby23]', '>=dev-ruby/power_assert-0.2.6[ruby_targets_ruby23]', '>=dev-ruby/rake-10.4.2[ruby_targets_ruby23]', '>=dev-ruby/test-unit-3.1.5[ruby_targets_ruby23]', 'virtual/rubygems[ruby_targets_ruby23]', '>=dev-ruby/json-1.8.3[ruby_targets_ruby23]', '>=dev-ruby/rdoc-4.2.1[ruby_targets_ruby23]']
> dependency.bad dev-lang/ruby/ruby-2.3.7.ebuild: PDEPEND: alpha(default/linux/alpha/13.0/desktop/gnome) ['>=dev-ruby/did_you_mean-1.0.0:1[ruby_targets_ruby23]', '>=dev-ruby/minitest-5.8.3[ruby_targets_ruby23]', '>=dev-ruby/net-telnet-0.1.1[ruby_targets_ruby23]', '>=dev-ruby/power_assert-0.2.6[ruby_targets_ruby23]', '>=dev-ruby/rake-10.4.2[ruby_targets_ruby23]', '>=dev-ruby/test-unit-3.1.5[ruby_targets_ruby23]', 'virtual/rubygems[ruby_targets_ruby23]', '>=dev-ruby/json-1.8.3[ruby_targets_ruby23]', '>=dev-ruby/rdoc-4.2.1[ruby_targets_ruby23]']
> dependency.bad dev-lang/ruby/ruby-2.3.7.ebuild: PDEPEND: alpha(default/linux/alpha/13.0) ['>=dev-ruby/did_you_mean-1.0.0:1[ruby_targets_ruby23]', '>=dev-ruby/minitest-5.8.3[ruby_targets_ruby23]', '>=dev-ruby/net-telnet-0.1.1[ruby_targets_ruby23]', '>=dev-ruby/power_assert-0.2.6[ruby_targets_ruby23]', '>=dev-ruby/rake-10.4.2[ruby_targets_ruby23]', '>=dev-ruby/test-unit-3.1.5[ruby_targets_ruby23]', 'virtual/rubygems[ruby_targets_ruby23]', '>=dev-ruby/json-1.8.3[ruby_targets_ruby23]', '>=dev-ruby/rdoc-4.2.1[ruby_targets_ruby23]']
> dependency.bad dev-lang/ruby/ruby-2.3.7.ebuild: PDEPEND: alpha(default/linux/alpha/13.0/desktop) ['>=dev-ruby/did_you_mean-1.0.0:1[ruby_targets_ruby23]', '>=dev-ruby/minitest-5.8.3[ruby_targets_ruby23]', '>=dev-ruby/net-telnet-0.1.1[ruby_targets_ruby23]', '>=dev-ruby/power_assert-0.2.6[ruby_targets_ruby23]', '>=dev-ruby/rake-10.4.2[ruby_targets_ruby23]', '>=dev-ruby/test-unit-3.1.5[ruby_targets_ruby23]', 'virtual/rubygems[ruby_targets_ruby23]', '>=dev-ruby/json-1.8.3[ruby_targets_ruby23]', '>=dev-ruby/rdoc-4.2.1[ruby_targets_ruby23]']
> dependency.bad dev-lang/ruby/ruby-2.3.7.ebuild: PDEPEND: alpha(default/linux/alpha/13.0/desktop/gnome) ['>=dev-ruby/did_you_mean-1.0.0:1[ruby_targets_ruby23]', '>=dev-ruby/minitest-5.8.3[ruby_targets_ruby23]', '>=dev-ruby/net-telnet-0.1.1[ruby_targets_ruby23]', '>=dev-ruby/power_assert-0.2.6[ruby_targets_ruby23]', '>=dev-ruby/rake-10.4.2[ruby_targets_ruby23]', '>=dev-ruby/test-unit-3.1.5[ruby_targets_ruby23]', 'virtual/rubygems[ruby_targets_ruby23]', '>=dev-ruby/json-1.8.3[ruby_targets_ruby23]', '>=dev-ruby/rdoc-4.2.1[ruby_targets_ruby23]']
An automated check of this bug failed - repoman reported dependency errors (14 lines truncated):
> dependency.bad dev-lang/ruby/ruby-2.3.6.ebuild: PDEPEND: alpha(default/linux/alpha/13.0) ['>=dev-ruby/did_you_mean-1.0.0:1[ruby_targets_ruby23]', '>=dev-ruby/minitest-5.8.3[ruby_targets_ruby23]', '>=dev-ruby/net-telnet-0.1.1[ruby_targets_ruby23]', '>=dev-ruby/power_assert-0.2.6[ruby_targets_ruby23]', '>=dev-ruby/rake-10.4.2[ruby_targets_ruby23]', '>=dev-ruby/test-unit-3.1.5[ruby_targets_ruby23]', 'virtual/rubygems[ruby_targets_ruby23]', '>=dev-ruby/json-1.8.3[ruby_targets_ruby23]', '>=dev-ruby/rdoc-4.2.1[ruby_targets_ruby23]']
> dependency.bad dev-lang/ruby/ruby-2.3.6.ebuild: PDEPEND: alpha(default/linux/alpha/13.0/desktop) ['>=dev-ruby/did_you_mean-1.0.0:1[ruby_targets_ruby23]', '>=dev-ruby/minitest-5.8.3[ruby_targets_ruby23]', '>=dev-ruby/net-telnet-0.1.1[ruby_targets_ruby23]', '>=dev-ruby/power_assert-0.2.6[ruby_targets_ruby23]', '>=dev-ruby/rake-10.4.2[ruby_targets_ruby23]', '>=dev-ruby/test-unit-3.1.5[ruby_targets_ruby23]', 'virtual/rubygems[ruby_targets_ruby23]', '>=dev-ruby/json-1.8.3[ruby_targets_ruby23]', '>=dev-ruby/rdoc-4.2.1[ruby_targets_ruby23]']
> dependency.bad dev-lang/ruby/ruby-2.3.6.ebuild: PDEPEND: alpha(default/linux/alpha/13.0/desktop/gnome) ['>=dev-ruby/did_you_mean-1.0.0:1[ruby_targets_ruby23]', '>=dev-ruby/minitest-5.8.3[ruby_targets_ruby23]', '>=dev-ruby/net-telnet-0.1.1[ruby_targets_ruby23]', '>=dev-ruby/power_assert-0.2.6[ruby_targets_ruby23]', '>=dev-ruby/rake-10.4.2[ruby_targets_ruby23]', '>=dev-ruby/test-unit-3.1.5[ruby_targets_ruby23]', 'virtual/rubygems[ruby_targets_ruby23]', '>=dev-ruby/json-1.8.3[ruby_targets_ruby23]', '>=dev-ruby/rdoc-4.2.1[ruby_targets_ruby23]']
> dependency.bad dev-lang/ruby/ruby-2.3.6.ebuild: PDEPEND: alpha(default/linux/alpha/13.0) ['>=dev-ruby/did_you_mean-1.0.0:1[ruby_targets_ruby23]', '>=dev-ruby/minitest-5.8.3[ruby_targets_ruby23]', '>=dev-ruby/net-telnet-0.1.1[ruby_targets_ruby23]', '>=dev-ruby/power_assert-0.2.6[ruby_targets_ruby23]', '>=dev-ruby/rake-10.4.2[ruby_targets_ruby23]', '>=dev-ruby/test-unit-3.1.5[ruby_targets_ruby23]', 'virtual/rubygems[ruby_targets_ruby23]', '>=dev-ruby/json-1.8.3[ruby_targets_ruby23]', '>=dev-ruby/rdoc-4.2.1[ruby_targets_ruby23]']
> dependency.bad dev-lang/ruby/ruby-2.3.6.ebuild: PDEPEND: alpha(default/linux/alpha/13.0/desktop) ['>=dev-ruby/did_you_mean-1.0.0:1[ruby_targets_ruby23]', '>=dev-ruby/minitest-5.8.3[ruby_targets_ruby23]', '>=dev-ruby/net-telnet-0.1.1[ruby_targets_ruby23]', '>=dev-ruby/power_assert-0.2.6[ruby_targets_ruby23]', '>=dev-ruby/rake-10.4.2[ruby_targets_ruby23]', '>=dev-ruby/test-unit-3.1.5[ruby_targets_ruby23]', 'virtual/rubygems[ruby_targets_ruby23]', '>=dev-ruby/json-1.8.3[ruby_targets_ruby23]', '>=dev-ruby/rdoc-4.2.1[ruby_targets_ruby23]']
> dependency.bad dev-lang/ruby/ruby-2.3.6.ebuild: PDEPEND: alpha(default/linux/alpha/13.0/desktop/gnome) ['>=dev-ruby/did_you_mean-1.0.0:1[ruby_targets_ruby23]', '>=dev-ruby/minitest-5.8.3[ruby_targets_ruby23]', '>=dev-ruby/net-telnet-0.1.1[ruby_targets_ruby23]', '>=dev-ruby/power_assert-0.2.6[ruby_targets_ruby23]', '>=dev-ruby/rake-10.4.2[ruby_targets_ruby23]', '>=dev-ruby/test-unit-3.1.5[ruby_targets_ruby23]', 'virtual/rubygems[ruby_targets_ruby23]', '>=dev-ruby/json-1.8.3[ruby_targets_ruby23]', '>=dev-ruby/rdoc-4.2.1[ruby_targets_ruby23]']
alpha stable An automated check of this bug succeeded - the previous repoman errors are now resolved. arm stable The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=29a804f86af7076d99446b99184a780d33fa2df7 commit 29a804f86af7076d99446b99184a780d33fa2df7 Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2018-04-20 21:27:00 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-04-20 21:27:33 +0000 dev-lang/ruby: stable 2.3.7 for ppc64, bug #651884 Bug: https://bugs.gentoo.org/651884 Package-Manager: Portage-2.3.28, Repoman-2.3.9 RepoMan-Options: --include-arches="ppc64" dev-lang/ruby/ruby-2.3.7.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3c16067c7ee6fe1f5fd69767ebf2220e316ee057 commit 3c16067c7ee6fe1f5fd69767ebf2220e316ee057 Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2018-04-20 21:26:53 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-04-20 21:27:33 +0000 dev-lang/ruby: stable 2.2.10 for ppc64, bug #651884 Bug: https://bugs.gentoo.org/651884 Package-Manager: Portage-2.3.28, Repoman-2.3.9 RepoMan-Options: --include-arches="ppc64" dev-lang/ruby/ruby-2.2.10.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)} hppa stable CVE-2018-8780 (https://nvd.nist.gov/vuln/detail/CVE-2018-8780): In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed. CVE-2018-8779 (https://nvd.nist.gov/vuln/detail/CVE-2018-8779): In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket. CVE-2018-8778 (https://nvd.nist.gov/vuln/detail/CVE-2018-8778): In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure. CVE-2018-8777 (https://nvd.nist.gov/vuln/detail/CVE-2018-8777): In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption). CVE-2018-6914 (https://nvd.nist.gov/vuln/detail/CVE-2018-6914): Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument. CVE-2017-17742 (https://nvd.nist.gov/vuln/detail/CVE-2017-17742): Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick. ppc stable Vulnerable versions have been removed. GLSA Vote: No Thanks all, re-opening. =dev-lang/ruby-2.3.6 is still in the tree which is vulnerable. Cleanup now really done. Thank you guys. Michael Boyle Security Padawan |