Bug 39292 - Обновить
Summary: Обновить
Status: CLOSED FIXED
Alias: None
Product: Branch p9
Classification: Distributions
Component: ruby (show other bugs)
Version: не указана
Hardware: all Linux
: P5 major
Assignee: majioa@altlinux.org
QA Contact: qa-p9@altlinux.org
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-11-16 04:53 MSK by AEN
Modified: 2020-11-25 17:31 MSK (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description AEN 2020-11-16 04:53:37 MSK
У версии 5.5 https://nvd.nist.gov/vuln/detail/CVE-2019-16255
Надо обновить на полностью совместимую, возможно, пока 5.8
Comment 1 Repository Robot 2020-11-25 17:31:06 MSK
ruby-2.5.9-alt1 -> p9:

 Mon Nov 16 2020 Pavel Skrylev <majioa@altlinux> 2.5.9-alt1
 - ^ 2.5.5 -> 2.5.9
 - Fixes:
   + CVE-2019-16255: A code injection vulnerability of Shell#[] and Shell#test
     (closes #39292)
   + CVE-2019-16254: HTTP response splitting in WEBrick (Additional fix)
   + CVE-2019-15845: A NUL injection vulnerability of File.fnmatch and
     File.fnmatch?
   + CVE-2019-16201: Regular Expression Denial of Service vulnerability of
     WEBrick's Digest access authentication