[Git][security-tracker-team/security-tracker][master] Add CVE-2021-41816/ruby
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 1 06:50:42 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
48da2376 by Salvatore Bonaccorso at 2021-12-01T07:49:42+01:00
Add CVE-2021-41816/ruby
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9611,8 +9611,15 @@ CVE-2021-41817 [Regular Expression Denial of Service Vulnerability of Date Parsi
NOTE: Followups to mimic previous behaviour:
NOTE: https://github.com/ruby/date/commit/8f2d7a0c7e52cea8333824bd527822e5449ed83d (v3.2.2)
NOTE: https://github.com/ruby/date/commit/376c65942bd1d81803f14d37351737df60ec4664 (v3.2.2)
-CVE-2021-41816
+CVE-2021-41816 [Buffer Overrun in CGI.escape_html]
RESERVED
+ - ruby3.0 <unfixed>
+ - ruby2.7 <unfixed>
+ - ruby2.5 <removed>
+ - ruby2.3 <removed>
+ NOTE: Fixed in Ruby 3.0.3, 2.7.5
+ NOTE: https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/
+ TODO: check upstream commits
CVE-2021-41815
RESERVED
CVE-2021-41814
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/48da2376f85e590dff5a0dacd7cd8f214d3a3086
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/48da2376f85e590dff5a0dacd7cd8f214d3a3086
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211201/7e797b4e/attachment.htm>
More information about the debian-security-tracker-commits
mailing list