Bug 29783

Summary: ruby new security issues CVE-2020-36327, CVE-2021-28965, CVE-2021-31799, CVE-2021-31810, CVE-2021-32066, CVE-2021-4181[679]
Product: Mageia Reporter: Nicolas Lécureuil <mageia>
Component: Security Assignee: Pascal Terjan <pterjan>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: luigiwalser, mageia, pterjan, security
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: ruby-2.7.2-34.mga9.src.rpm CVE:
Status comment: Fixed upstream in 2.7.5

Description Nicolas Lécureuil 2021-12-19 00:19:45 CET
+++ This bug was initially created as a clone of Bug #29004 +++

Ubuntu has issued an advisory on April 20:
https://ubuntu.com/security/notices/USN-4922-1

The issue is fixed upstream in 2.7.3.

Ubuntu has a patch for 2.5.x.

Mageia 7 and Mageia 8 are also affected.

Nicolas Lécureuil 2021-12-19 00:21:08 CET

Depends on: 29004 => (none)

Nicolas Lécureuil 2021-12-19 00:21:15 CET

Status comment: (none) => Fixed upstream in 2.7.5

Nicolas Lécureuil 2021-12-19 00:21:29 CET

Assignee: bugsquad => pterjan

Comment 1 David Walser 2022-01-19 17:33:13 CET
Ubuntu has issued an advisory for the last three CVEs on January 18:
https://ubuntu.com/security/notices/USN-5235-1

Comment 2 Pascal Terjan 2022-02-27 20:26:50 CET
Ruby 3.1.0 is in cauldron

Comment 3 Pascal Terjan 2022-02-27 20:27:01 CET
Closing

Status: NEW => RESOLVED
Resolution: (none) => FIXED