| Summary: | <dev-ruby/nokogiri-1.10.4: Command injection allowing commands to be executed in a subprocess by Ruby's `Kernel.open` method (CVE-2019-5477) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Jeroen Roovers (RETIRED) <jer> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | ruby |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | B2 [glsa+ cve] | | |
| Package list: | dev-ruby/nokogiri-1.10.4, dev-ruby/rexical-1.0.7 | | |
| Runtime testing required: | --- | | |
Description

Jeroen Roovers (RETIRED)
2019-08-12 05:21:10 UTC

The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=caf197d03fb9a2e355844d12defdfa60db61ccc7

```
commit caf197d03fb9a2e355844d12defdfa60db61ccc7
Author:     Hans de Graaff <graaff@gentoo.org>
AuthorDate: 2019-08-12 07:02:20 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2019-08-12 07:02:35 +0000

    dev-ruby/nokogiri: add 1.10.4

    Bug: https://bugs.gentoo.org/691974
    Package-Manager: Portage-2.3.69, Repoman-2.3.16
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 dev-ruby/nokogiri/Manifest               |  1 +
 dev-ruby/nokogiri/nokogiri-1.10.4.ebuild | 91 ++++++++++++++++++++++++++++++++
 2 files changed, 92 insertions(+)
```

Please test and mark stable.

x86 stable

ppc64 stable

ppc stable

ia64 stable

sparc stable

amd64 stable

alpha stable

arm stable

s390 stable

hppa stable

Cleanup done.

Resetting sanity check; keywords are not fully specified and arches are not CC-ed.

Arches and Maintainer(s), Thank you for your work.

New GLSA Request filed.

This issue was resolved and addressed in GLSA 202006-05 at https://security.gentoo.org/glsa/202006-05 by GLSA coordinator Aaron Bauman (b-man).