Summary: | <dev-lang/ruby-{2.4.10,2.5.8,2.6.6,2.7.1}: Heap exposure vulnerability in the socket library (CVE-2020-10933) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hans de Graaff <graaff> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | minor | CC: | ruby |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | B3 [noglsa cve] | | |
Package list: | dev-lang/ruby-2.4.10; dev-lang/ruby-2.5.8 amd64 arm arm64 x86 hppa s390 sparc | | |
Runtime testing required: | --- | | |
Description
Hans de Graaff
2020-03-31 14:07:12 UTC
Thanks for this.

The tree looks clean to me, so I think we just need to consider glsa or not. Is that right?

(In reply to Sam James (sam_c) (security padawan) from comment #1)
> Thanks for this.
>
> The tree looks clean to me, so I think we just need to consider glsa or not.
> Is that right?

Critical misreading. Thanks graaf for correcting me on IRC!

@maintainer(s), please create an appropriate ebuild.

Ebuilds added for:

ruby-2.4.10
ruby-2.5.8
ruby-2.6.6
ruby-2.7.1

Given that the 2.4 and 2.5 versions contain minor other changes I'll wait a day or so before stabling these versions.

(In reply to Hans de Graaff from comment #3)
> Ebuilds added for:
>
> ruby-2.4.10
> ruby-2.5.8
> ruby-2.6.6
> ruby-2.7.1
>
> Given that the 2.4 and 2.5 versions contain minor other changes I'll wait a
> day or so before stabling these versions.

Okay, great. Please test and mark stable.

arm stable

amd64 stable

s390 stable

sparc stable

x86 stable

arm64 stable

hppa stable

Resetting sanity check; keywords are not fully specified and arches are not CC-ed.

@maintainer(s), please cleanup

Correction: still waiting on ppc, ppc64.

ppc stable

ppc64 stable.

Maintainer(s), please cleanup.
Security, please vote.

Resetting sanity check; keywords are not fully specified and arches are not CC-ed.

Cleanup done.

GLSA Vote: No

Thank you all for your work.
Closing as [noglsa].