Bug 29783 - ruby new security issues CVE-2020-36327, CVE-2021-28965, CVE-2021-31799, CVE-2021-31810, CVE-2021-32066, CVE-2021-4181[679]
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: Cauldron
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: Pascal Terjan
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
Reported: 2021-12-19 00:19 CET by Nicolas Lécureuil
Modified: 2022-02-27 20:27 CET

See Also:
Source RPM: ruby-2.7.2-34.mga9.src.rpm
CVE:
Status comment: Fixed upstream in 2.7.5



Description Nicolas Lécureuil 2021-12-19 00:19:45 CET
+++ This bug was initially created as a clone of Bug #29004 +++

Ubuntu has issued an advisory on April 20:
https://ubuntu.com/security/notices/USN-4922-1

The issue is fixed upstream in 2.7.3.

Ubuntu has a patch for 2.5.x.

Mageia 7 and Mageia 8 are also affected.

Nicolas Lécureuil 2021-12-19 00:21:08 CET

Depends on: 29004 => (none)

Nicolas Lécureuil 2021-12-19 00:21:15 CET

Status comment: (none) => Fixed upstream in 2.7.5

Nicolas Lécureuil 2021-12-19 00:21:29 CET

Assignee: bugsquad => pterjan

Comment 1 David Walser 2022-01-19 17:33:13 CET
Ubuntu has issued an advisory for the last three CVEs on January 18:
https://ubuntu.com/security/notices/USN-5235-1

Comment 2 Pascal Terjan 2022-02-27 20:26:50 CET
Ruby 3.1.0 is in cauldron

Comment 3 Pascal Terjan 2022-02-27 20:27:01 CET
Closing

Status: NEW => RESOLVED
Resolution: (none) => FIXED

