Backport #9193
closed
ruby 1.9.3-p484 still vulnerable to CVE-2013-4287 and CVE-2013-4363 in included rubygems 1.8.23
Description
It appears that ruby 2.0.0-p353 included an update to rubygems 2.0.10 which fixes CVE-2013-4287 and CVE-2013-4363. ruby 1.9.3-p484 did not contain an update to the included rubygems, so it is still vulnerable. ruby 1.9.3 should either be updated to use rubygems 1.8.27 or 1.8.28, or the attached patch should be applied to fix the two CVEs.
Files
Updated by drbrain (Eric Hodel) over 9 years ago
Here's the patch I sent to security@ruby-lang.org
Updated by drbrain (Eric Hodel) over 9 years ago
- Status changed from Open to Assigned
- Assignee set to usa (Usaku NAKAMURA)
Updated by usa (Usaku NAKAMURA) over 9 years ago
Fixed at r44335.
Thank you for reporting and patching!
Updated by usa (Usaku NAKAMURA) over 9 years ago
- Status changed from Assigned to Closed