[Git][security-tracker-team/security-tracker][master] Add CVE-2021-41817/ruby
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 1 06:47:22 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f315483b by Salvatore Bonaccorso at 2021-12-01T07:46:59+01:00
Add CVE-2021-41817/ruby
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9599,8 +9599,18 @@ CVE-2021-41819
RESERVED
CVE-2021-41818
RESERVED
-CVE-2021-41817
+CVE-2021-41817 [Regular Expression Denial of Service Vulnerability of Date Parsing Methods]
RESERVED
+ - ruby3.0 <unfixed>
+ - ruby2.7 <unfixed>
+ - ruby2.5 <removed>
+ - ruby2.3 <removed>
+ NOTE: Fixed in Ruby 3.0.3, 2.7.5, 2.6.9
+ NOTE: https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/
+ NOTE: Fixed by: https://github.com/ruby/date/commit/3959accef8da5c128f8a8e2fd54e932a4fb253b0 (v3.2.2)
+ NOTE: Followups to mimic previous behaviour:
+ NOTE: https://github.com/ruby/date/commit/8f2d7a0c7e52cea8333824bd527822e5449ed83d (v3.2.2)
+ NOTE: https://github.com/ruby/date/commit/376c65942bd1d81803f14d37351737df60ec4664 (v3.2.2)
CVE-2021-41816
RESERVED
CVE-2021-41815
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f315483bbedeba09773b0e22debf5feeb00ed151
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f315483bbedeba09773b0e22debf5feeb00ed151
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211201/cc91186e/attachment.htm>
More information about the debian-security-tracker-commits
mailing list