Loading...

XML

Word

Printable

Type: Security Vulnerability
Resolution: Fixed
Priority: Severe (Users)
Fix Version/s: None
Component/s: None
Labels:
- cve
- ruby

Impact:
Vulnerable dev-lang/ruby exist in the Funtoo tree CVE-2021-33621
Presumptive Root Cause:
CVE-2021-33621

There is new CVE for Ruby publicly post on 22 Nov 2022:

https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/

This will require patch updates to all dev-lang/ruby YAML autogens in next and manual curated ebuild version bumps in 1.4 to these versions:

2.7.7 – https://www.ruby-lang.org/en/news/2022/11/24/ruby-2-7-7-released/

3.0.5 – https://www.ruby-lang.org/en/news/2022/11/24/ruby-3-0-5-released/

3.1.3 – https://www.ruby-lang.org/en/news/2022/11/24/ruby-3-1-3-released/

Please make the PR against Harvester 2022-11 before it merges or directly to kit-fixups if that Harvester 2022-11 merge window is missed.

causes

FL-10773 [ruby-kit] dev-lang/ruby-3.1.2: bundled Gems are broken because of Gentoo ebuild practices

Closed

relates to

FL-10803 Fail to emerge dev-lang/ruby-2.7.6 on 1.4-release

Closed

FL-10306 next: ruby: detect and remove/fix broken ruby-based apps in Funtoo

Work Queue

Assignee:: siris

Reporter:: siris

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 28/Nov/22 3:38 AM

Updated:: 05/Dec/22 9:47 PM

Resolved:: 03/Dec/22 3:29 AM