| Summary: | dev-ruby/rack-{1.6.12,2.0.8}, dev-ruby/rails-{5.2.4.1,6.0.2.1}: Possible Information Leak / Session Hijack Vulnerability in Rack (CVE-2019-16782) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Hans de Graaff <graaff> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | ruby |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://www.openwall.com/lists/oss-security/2019/12/18/2 | | |
| Whiteboard: | B4 [noglsa cve] | | |
| Package list: | dev-ruby/rack-1.6.12; dev-ruby/rack-2.0.8 amd64 | | |
| Runtime testing required: | --- | | |

Description
Hans de Graaff
2019-12-18 19:44:18 UTC
rack 1.6.12 and 2.0.8 have been added.

This bug also requires new rails releases to leverage the changes in dev-ruby/rack. Rails 5.2.4.1 and Rails 6.0.2.1 have been released with fixes.

rails 5.2.4.1 and 6.0.2.1 have been added

amd64 stable

hppa/sparc stable

x86 stable

arm stable

ia64 stable

s390 stable

ppc64 stable

ppc stable

Cleanup done.

@maintainer(s), again, thanks for the verbosity - it does help when keeping track of the versions! Tree is clean.

Resetting sanity check; keywords are not fully specified and arches are not CC-ed.

GLSA Vote: No

Thank you all for your work. Closing as [noglsa].