Commit 627ae63

GHSA SYNC: 5 modified advisories (#995)
1 parent 1ede1c0 commit 627ae63

5 files changed

+57
-4
lines changed

rubies/ruby/CVE-2008-2376.yml

Lines changed: 11 additions & 1 deletion
@@ -1,7 +1,8 @@
11
---
22
engine: ruby
33
cve: 2008-2376
4-
url: http://www.openwall.com/lists/oss-security/2008/07/02/3
4+
ghsa: f7wf-fwmg-r7g3
5+
url: https://nvd.nist.gov/vuln/detail/CVE-2008-2376
56
title: More ruby integer overflows (rb_ary_fill / Array#fill)
67
date: 2008-06-30
78
description: |
@@ -16,3 +17,12 @@ patched_versions:
1617
- "~> 1.8.6.286"
1718
- "~> 1.8.7.71"
1819
- ">= 1.9.0"
20+
related:
21+
url:
22+
- https://nvd.nist.gov/vuln/detail/CVE-2008-2376
23+
- https://web.archive.org/web/20211205152129/https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?revision=17756&view=revision
24+
- http://www.debian.org/security/2008/dsa-1612
25+
- http://www.debian.org/security/2008/dsa-1618
26+
- https://security.gentoo.org/glsa/200812-17
27+
- http://www.openwall.com/lists/oss-security/2008/07/02/3
28+
- https://github.com/advisories/GHSA-f7wf-fwmg-r7g3
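Review bot: Three of the new related.url entries (the two www.debian.org DSA links and the www.openwall.com post) use the http:// scheme while the rest of the list is https://. If those hosts serve the same pages over TLS, store the https:// form so that tooling following these references does not fetch advisory content over plaintext. The same applies to the http:// entries added in the other files of this commit.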

rubies/ruby/CVE-2011-0188.yml

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,8 @@
11
---
22
engine: ruby
33
cve: 2011-0188
4-
url: https://github.com/ruby/ruby/commit/f83651ac30c7c776dee8a6a401c654757cb8d1c2
4+
ghsa: 6vch-6cgr-x9c3
5+
url: https://nvd.nist.gov/vuln/detail/CVE-2011-0188
56
title: Ruby memory corruption in BigDecimal on 64bit platforms
67
date: 2011-03-01
78
description: |
@@ -15,3 +16,10 @@ cvss_v2: 6.8
1516
patched_versions:
1617
- "~> 1.8.7.370"
1718
- ">= 1.9.3.preview.1"
19+
related:
20+
url:
21+
- https://nvd.nist.gov/vuln/detail/CVE-2011-0188
22+
- https://github.com/ruby/ruby/commit/f83651ac30c7c776dee8a6a401c654757cb8d1c2
23+
- https://support.apple.com/en-us/103340
24+
- https://bugzilla.redhat.com/show_bug.cgi?id=682332
25+
- https://github.com/advisories/GHSA-6vch-6cgr-x9c3

rubies/ruby/CVE-2011-2686.yml

Lines changed: 13 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,8 @@
11
---
22
engine: ruby
33
cve: 2011-2686
4-
url: https://osdir.com/ml/lang-ruby-core/2011-01/msg00917.html
4+
ghsa: g8g6-3p4h-6388
5+
url: https://nvd.nist.gov/vuln/detail/CVE-2011-2686
56
title: Ruby Random Number Generation Local Denial Of Service Vulnerability
67
date: 2011-07-02
78
description: |
@@ -15,3 +16,14 @@ unaffected_versions:
1516
- "< 1.8.6.399"
1617
patched_versions:
1718
- ">= 1.8.7.352"
19+
related:
20+
url:
21+
- https://nvd.nist.gov/vuln/detail/CVE-2011-2686
22+
- http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released
23+
- https://github.com/ruby/ruby/blob/v1_8_7_352/ChangeLog
24+
- https://bugzilla.redhat.com/show_bug.cgi?id=722415
25+
- http://www.openwall.com/lists/oss-security/2011/07/11/1
26+
- http://www.openwall.com/lists/oss-security/2011/07/12/14
27+
- http://www.openwall.com/lists/oss-security/2011/07/20/1
28+
- http://www.openwall.com/lists/oss-security/2011/07/20/16
29+
- https://github.com/advisories/GHSA-g8g6-3p4h-6388
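Review bot: The related.url list does not carry over the reference that the first hunk removes from url: (https://osdir.com/ml/lang-ruby-core/2011-01/msg00917.html), so that link disappears from the advisory entirely. In CVE-2008-2376, CVE-2011-0188 and CVE-2012-4466 the replaced url: value is preserved as a related.url entry; add the osdir.com link here as well, or say in the commit message why it was dropped.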

rubies/ruby/CVE-2011-2705.yml

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,7 @@
11
---
22
engine: ruby
33
cve: 2011-2705
4+
ghsa: wj5x-c2v9-7wwr
45
url: https://redmine.ruby-lang.org/issues/4579
56
title: Ruby Random Number Generation Local Denial Of Service Vulnerability
67
date: 2011-07-02
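Review bot: The ghsa: key is added but url: stays at https://redmine.ruby-lang.org/issues/4579, whereas the other four files in this commit switch url: to the nvd.nist.gov page when they gain a ghsa: key. If the sync is meant to normalise url: to NVD, this file was missed; if the redmine link is kept on purpose, note that in the commit message, since the result is that the five entries no longer follow one convention. The title: in the context lines is also identical to the one in CVE-2011-2686.yml, which is worth checking against the upstream advisory while this file is open.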
@@ -14,3 +15,14 @@ cvss_v2: 5.0
1415
patched_versions:
1516
- "~> 1.8.7.352"
1617
- ">= 1.9.2.290"
18+
related:
19+
url:
20+
- https://nvd.nist.gov/vuln/detail/CVE-2011-2705
21+
- http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released
22+
- https://github.com/ruby/ruby/blob//v1_8_7_352/ChangeLog
23+
- https://bugzilla.redhat.com/show_bug.cgi?id=722415
24+
- http://www.openwall.com/lists/oss-security/2011/07/12/14
25+
- http://www.openwall.com/lists/oss-security/2011/07/11/1
26+
- http://www.openwall.com/lists/oss-security/2011/07/20/1
27+
- http://www.openwall.com/lists/oss-security/2011/07/20/16
28+
- https://github.com/advisories/GHSA-wj5x-c2v9-7wwr
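Review bot: The ChangeLog entry in related.url has a doubled slash, https://github.com/ruby/ruby/blob//v1_8_7_352/ChangeLog, while CVE-2011-2686.yml in this same commit lists the same file as https://github.com/ruby/ruby/blob/v1_8_7_352/ChangeLog. Use the single-slash form so the two advisories reference one canonical URL and any de-duplication or link checking treats them as the same reference.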

rubies/ruby/CVE-2012-4466.yml

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,8 @@
11
---
22
engine: ruby
33
cve: 2012-4466
4-
url: https://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/
4+
ghsa: gm9g-777x-3fp6
5+
url: https://nvd.nist.gov/vuln/detail/CVE-2012-4466
56
title: Ruby name_err_mesg_to_str Method Safe Level Security Bypass
67
date: 2012-10-12
78
description: |
@@ -14,3 +15,13 @@ cvss_v2: 5.0
1415
patched_versions:
1516
- "~> 1.8.7.371"
1617
- ">= 1.9.3.286"
18+
related:
19+
url:
20+
- https://nvd.nist.gov/vuln/detail/CVE-2012-4466
21+
- https://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466
22+
- https://web.archive.org/web/20210120155544/https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068
23+
- http://www.openwall.com/lists/oss-security/2012/10/02/4
24+
- http://www.openwall.com/lists/oss-security/2012/10/03/9
25+
- https://bugzilla.redhat.com/show_bug.cgi?id=862614
26+
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294
27+
- https://github.com/advisories/GHSA-gm9g-777x-3fp6
