[Git][security-tracker-team/security-tracker][master] Add CVE-2021-41817/ruby

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 1 06:47:22 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f315483b by Salvatore Bonaccorso at 2021-12-01T07:46:59+01:00
Add CVE-2021-41817/ruby

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9599,8 +9599,18 @@ CVE-2021-41819
 	RESERVED
 CVE-2021-41818
 	RESERVED
-CVE-2021-41817
+CVE-2021-41817 [Regular Expression Denial of Service Vulnerability of Date Parsing Methods]
 	RESERVED
+	- ruby3.0 <unfixed>
+	- ruby2.7 <unfixed>
+	- ruby2.5 <removed>
+	- ruby2.3 <removed>
+	NOTE: Fixed in Ruby 3.0.3, 2.7.5, 2.6.9
+	NOTE: https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/
+	NOTE: Fixed by: https://github.com/ruby/date/commit/3959accef8da5c128f8a8e2fd54e932a4fb253b0 (v3.2.2)
+	NOTE: Followups to mimic previous behaviour:
+	NOTE: https://github.com/ruby/date/commit/8f2d7a0c7e52cea8333824bd527822e5449ed83d (v3.2.2)
+	NOTE: https://github.com/ruby/date/commit/376c65942bd1d81803f14d37351737df60ec4664 (v3.2.2)
 CVE-2021-41816
 	RESERVED
 CVE-2021-41815



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f315483bbedeba09773b0e22debf5feeb00ed151

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f315483bbedeba09773b0e22debf5feeb00ed151
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211201/cc91186e/attachment.htm>


More information about the debian-security-tracker-commits mailing list