Funtoo Linux / FL-11149

[ruby-kit] CVE-2023-28755 and CVE-2023-28756: ReDoS vulnerability in URI and Time RubyGems

    • Security Vulnerability
    • Resolution: Fixed
    • Important (Ebuild)
    • This impacts the security of Ruby apps.

      This week two new upstream vulnerabilities dropped for Ruby:

      1. CVE-2023-28755: ReDoS vulnerability in URI 
      2. CVE-2023-28756: ReDoS vulnerability in Time

      This will require a patch version bump across all dev-lang/ruby versions 2.7 and above:

      • Ruby 2.7.8
      • Ruby 3.0.6
      • Ruby 3.1.4
      • Ruby 3.2.2

      These new Ruby versions need to be bumped in both 1.4 and next releases.

            siris siris
            siris siris
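
An added example, not part of the original ticket or of Funtoo's tooling: a small Ruby check that classifies installed `dev-lang/ruby` versions against the four fixed releases listed above. The function names, the atom-parsing regex and the sample atoms are assumptions made for illustration.

```ruby
# Added example, not from the Funtoo ticket. The fixed releases are the four
# versions listed in the ticket; the sample atoms below are constructed.
require "rubygems" # Gem::Version (loaded by default, explicit for clarity)

# First release in each series that carries the fixes, per the ticket.
FIXED = {
  "2.7" => Gem::Version.new("2.7.8"),
  "3.0" => Gem::Version.new("3.0.6"),
  "3.1" => Gem::Version.new("3.1.4"),
  "3.2" => Gem::Version.new("3.2.2"),
}.freeze

# Accepts a bare version ("3.1.3") or a Portage-style atom
# ("dev-lang/ruby-3.1.3-r1"); the -rN ebuild revision is ignored.
ATOM = %r{\A(?:dev-lang/ruby-)?(\d+\.\d+\.\d+)(?:-r\d+)?\z}

# Returns :patched, :needs_bump, or :not_covered (a series the ticket does
# not name, or a string that is not a recognisable version).
def redos_status(spec)
  m = ATOM.match(spec.strip)
  return :not_covered unless m

  version = Gem::Version.new(m[1])
  series = version.segments.first(2).join(".")
  fixed = FIXED[series]
  return :not_covered unless fixed

  version >= fixed ? :patched : :needs_bump
end

# Maps each input string to its status.
def audit(specs)
  specs.to_h { |s| [s, redos_status(s)] }
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample input.
  sample = ["dev-lang/ruby-2.7.7", "dev-lang/ruby-3.0.6",
            "dev-lang/ruby-3.1.3-r1", "3.2.2", "2.6.10"]
  audit(sample).each { |spec, status| puts format("%-26s %s", spec, status) }
end
```
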