diff options
| author | jrm <jrm@FreeBSD.org> | 2017-08-30 02:19:33 +0800 |
|---|---|---|
| committer | jrm <jrm@FreeBSD.org> | 2017-08-30 02:19:33 +0800 |
| commit | d130aba2e9e44b517848128ed83710e59a978988 (patch) | |
| tree | b4429b719f20d8c8583bb2fe214a82f2ec04f79f /security | |
| parent | 04487cbeb6dbfb3bbf4aaae806642ee6d29eb126 (diff) | |
| download | freebsd-ports-gnome-d130aba2e9e44b517848128ed83710e59a978988.tar.gz freebsd-ports-gnome-d130aba2e9e44b517848128ed83710e59a978988.tar.zst freebsd-ports-gnome-d130aba2e9e44b517848128ed83710e59a978988.zip | |
security/vuxml: Add entry for multiple rubygems vulnerabilities reported
2017-08-29 at
https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
Approved by: swills
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index ea6bc969f05c..c927d5012e14 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,37 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="3f6de636-8cdb-11e7-9c71-f0def1fd7ea2"> + <topic>rubygems -- multiple vulnerabilities</topic> + <affects> + <package> + <name>ruby22-gems</name> + <name>ruby23-gems</name> + <name>ruby24-gems</name> + <range><lt>2.6.13</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Official blog of RubyGems reports:</p> + <blockquote cite="https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/"> + <p>The following vulnerabilities have been reported: a DNS request + hijacking vulnerability, an ANSI escape sequence vulnerability, a DoS + vulnerability in the query command, and a vulnerability in the gem + installer that allowed a malicious gem to overwrite arbitrary + files.</p> + </blockquote> + </body> + </description> + <references> + <url>https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/</url> + </references> + <dates> + <discovery>2017-08-29</discovery> + <entry>2017-08-29</entry> + </dates> + </vuln> + <vuln vid="7d7e05fb-64da-435a-84fb-4061493b89b9"> <topic>kanboard -- multiple privilege escalation vulnerabilities</topic> <affects> |