Bug 36993 - ruby1.9.1: Multiple issues (4.0)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.0
Other Linux
Importance: P4 normal
Target Milestone: UCS 4.0-3-errata
Assigned To: Daniel Tröder
Stefan Gohmann
Reported: 2014-11-25 11:21 CET by Moritz Muehlenhoff
Modified: 2017-10-26 13:54 CEST (History)

requate: Patch_Available+
Description Moritz Muehlenhoff univentionstaff 2014-11-25 11:21:26 CET
Object taint bypassing in DL and Fiddle (CVE-2013-2065)
Denial of service in the encodes() function (CVE-2014-4975)
Denial of service through unrestricted XML entity expansion (CVE-2014-8080, CVE-2014-8090)
Comment 1 Arvid Requate univentionstaff 2015-05-04 13:01:07 CEST
Man-in-the-middle attack via crafted SSL certificates (CVE-2015-1855)
Comment 2 Arvid Requate univentionstaff 2015-05-04 13:03:18 CEST
Fix available in upstream Debian version 1.9.3.194-8.1+deb7u5
Comment 3 Daniel Tröder univentionstaff 2015-09-02 17:26:11 CEST
* ruby1.9.1 1.9.3.194-8.1+deb7u5 was imported and built into scope errata4.0-3.
* Drop test patch (4.0-0-0-ucs/1.9.3.194-8.1+deb7u5-errata4.0-3/drop-test.patch) was updated.
* r15230, r15232 and r15233 add a new patch (4.0-0-0-ucs/1.9.3.194-8.1+deb7u5-errata4.0-3/020-raise-test-dh-size.patch) to make the openssl tests work.
* YAML (r63405, r63409): 2015-09-02-ruby1.9.1.yaml

CVE-2013-2065: oldstable: not vulnerable
Comment 4 Stefan Gohmann univentionstaff 2015-09-08 15:32:47 CEST
YAML: OK

ruby tests: OK

Redmine tested: OK
Comment 5 Janek Walkenhorst univentionstaff 2015-09-09 15:17:44 CEST
<http://errata.software-univention.de/ucs/4.0/313.html>