Bug 39292

Summary: Обновить
Product: Branch p9 Reporter: AEN <aen>
Component: rubyAssignee: majioa <majioa>
Status: CLOSED FIXED QA Contact: qa-p9 <qa-p9>
Severity: major    
Priority: P5 CC: majioa
Version: не указана   
Hardware: all   
OS: Linux   

Description AEN 2020-11-16 04:53:37 MSK 
У версии 5.5 https://nvd.nist.gov/vuln/detail/CVE-2019-16255
Надо обновить на полностью совместимую, возможно, пока 5.8
Comment 1 Repository Robot 2020-11-25 17:31:06 MSK 
ruby-2.5.9-alt1 -> p9:

 Mon Nov 16 2020 Pavel Skrylev <majioa@altlinux> 2.5.9-alt1
 - ^ 2.5.5 -> 2.5.9
 - Fixes:
   + CVE-2019-16255: A code injection vulnerability of Shell#[] and Shell#test
     (closes #39292)
   + CVE-2019-16254: HTTP response splitting in WEBrick (Additional fix)
   + CVE-2019-15845: A NUL injection vulnerability of File.fnmatch and
     File.fnmatch?
   + CVE-2019-16201: Regular Expression Denial of Service vulnerability of
     WEBrick's Digest access authentication