23324 – ruby-rack-protection new security issue CVE-2018-1000119

Bug 23324 - ruby-rack-protection new security issue CVE-2018-1000119

Summary: ruby-rack-protection new security issue CVE-2018-1000119

Status:	RESOLVED OLD

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	6
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Pascal Terjan
QA Contact:	Sec team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2018-07-17 16:28 CEST by David Walser
Modified:	2019-11-06 13:33 CET (History)
CC List:	1 user (show)

See Also:
Source RPM:	ruby-rack-protection-1.5.3-4.mga6.src.rpm
CVE:
Status comment:	Patch available from Debian

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2018-07-17 16:28:41 CEST

Debian has issued an advisory on July 16:
https://www.debian.org/security/2018/dsa-4247

Mageia 5 and Mageia 6 are also affected.

David Walser 2018-07-17 16:28:53 CEST

Whiteboard: (none) => MGA6TOO

Comment 1 David Walser 2019-02-03 01:53:51 CET

Fixed upstream in 1.5.5 and 2.0.0, so Cauldron wasn't affected.

Version: Cauldron => 6
Whiteboard: MGA6TOO => (none)
Source RPM: ruby-rack-protection-2.0.3-1.mga7.src.rpm => ruby-rack-protection-1.5.3-4.mga6.src.rpm
Status comment: (none) => Patch available from Debian

Comment 2 Mike Rambo 2019-11-06 13:33:59 CET

Mageia 6 is EOL.

Resolution: (none) => OLD
Status: NEW => RESOLVED
CC: (none) => mrambo

Note You need to log in before you can comment on or make changes to this bug.