Bug #20385: Backport CVE-2024-27280 - Ruby master - Ruby Issue Tracking System

Actions

Bug #20385

closed

Backport CVE-2024-27280

Added by hsbt (Hiroshi SHIBATA) about 1 month ago.

Status:

Closed

Assignee:

-

Target version:

-

ruby -v:

Backport:

3.0: REQUIRED, 3.1: REQUIRED, 3.2: DONTNEED, 3.3: DONTNEED

[ruby-core:117280]

Description

I disclosed https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/ today.

This StringIO versions should be backported in the next release.

For Ruby 3.0: https://github.com/ruby/ruby/pull/10320
For Ruby 3.1: https://github.com/ruby/ruby/pull/10321

No data to display

Actions

Also available in: Atom PDF

Like0