CVE-2021-32823:

In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit<N>. In combination with <user_input>.constantize there is a potential for a CPU-based DoS. In version 2.4.10 bindata improved the creation time of Bits and Integers.

Patch: https://github.com/dmendel/bindata/commit/d99f050b88337559be2cb35906c1f8da49531323

Please bump to 2.4.10.
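Added example, not part of the original report or of bindata's own code: an application-side check that bounds a user-supplied BinData type name before any constant lookup, so a name like BinData::Bit100000 never reaches class creation. MAX_BITS, checked_type_name and resolve_type are hypothetical names and policy chosen for illustration; the accepted patterns assume bindata's Bit<N>[le], Sbit<N>[le], Int8/Uint8 and Int<N>le/be naming.

```ruby
# Assumed policy limit on field width; pick what the application really needs.
MAX_BITS = 64

# Digit runs are length-bounded so oversized widths fail before conversion.
BIT_RE = /\A(?:BinData::)?(Bit|Sbit)([1-9]\d{0,3})(le)?\z/
INT_RE = /\A(?:BinData::)?(Int|Uint)([1-9]\d{0,3})(le|be)?\z/

# Returns the bare, validated constant name, or nil if the input is rejected.
def checked_type_name(input)
  return nil unless input.is_a?(String) && input.bytesize <= 32

  if (m = BIT_RE.match(input))
    width = m[2].to_i
    return nil if width > MAX_BITS
    "#{m[1]}#{width}#{m[3]}"
  elsif (m = INT_RE.match(input))
    width = m[2].to_i
    return nil unless (width % 8).zero? && width <= MAX_BITS
    # Int8/Uint8 take no endian suffix; wider integers require one.
    needs_endian = width != 8
    return nil unless needs_endian == !m[3].nil?
    "#{m[1]}#{width}#{m[3]}"
  end
end

# Resolves only validated names, and only inside the BinData namespace,
# instead of calling constantize on the raw input.
def resolve_type(input)
  name = checked_type_name(input)
  raise ArgumentError, "type name not allowed" if name.nil?
  raise "bindata is not loaded" unless defined?(BinData)
  BinData.const_get(name)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  %w[Bit7 BinData::Sbit12le Uint16be BinData::Bit100000 Kernel].each do |s|
    puts format("%-20s -> %s", s, checked_type_name(s).inspect)
  end
end
```

The check complements the version bump rather than replacing it: on 2.4.10 it still keeps arbitrary constant names out of the lookup.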
Package list is empty or all packages have requested keywords.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f7b08ad8c26cfdf83481f70d4010d0ab73333157

commit f7b08ad8c26cfdf83481f70d4010d0ab73333157
Author:     Hans de Graaff <graaff@gentoo.org>
AuthorDate: 2021-08-08 05:51:57 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2021-08-08 05:51:57 +0000

    dev-ruby/bindata: cleanup

    Bug: https://bugs.gentoo.org/798417
    Package-Manager: Portage-3.0.20, Repoman-3.0.2
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 dev-ruby/bindata/Manifest             |  3 ---
 dev-ruby/bindata/bindata-2.4.6.ebuild | 22 ----------------------
 dev-ruby/bindata/bindata-2.4.7.ebuild | 22 ----------------------
 dev-ruby/bindata/bindata-2.4.8.ebuild | 22 ----------------------
 4 files changed, 69 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2bec4ab7f5ce551ca1e954ff50cf8b9467f9cd5d

commit 2bec4ab7f5ce551ca1e954ff50cf8b9467f9cd5d
Author:     Hans de Graaff <graaff@gentoo.org>
AuthorDate: 2021-08-08 05:51:16 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2021-08-08 05:51:16 +0000

    dev-ruby/bindata: add 2.4.10

    Bug: https://bugs.gentoo.org/798417
    Package-Manager: Portage-3.0.20, Repoman-3.0.2
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 dev-ruby/bindata/Manifest              |  1 +
 dev-ruby/bindata/bindata-2.4.10.ebuild | 22 ++++++++++++++++++++++
 2 files changed, 23 insertions(+)
Thanks, all done!