summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSalvatore Bonaccorso <carnil@debian.org>2021-12-01 07:46:59 +0100
committerSalvatore Bonaccorso <carnil@debian.org>2021-12-01 07:46:59 +0100
commitfe414cad2e938a4a41b0360e49ace691d26e90fa (patch)
treebf69f21fda1add3b6283e4fc88a801137f28edab
parenteaa88167f1eed2b04deef5d424864e24d1b70cf0 (diff)
Add CVE-2021-41817/ruby
-rw-r--r--data/CVE/2021.list12
1 files changed, 11 insertions, 1 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 35d6fb04f3..30be18fe1a 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -6131,8 +6131,18 @@ CVE-2021-41819
RESERVED
CVE-2021-41818
RESERVED
-CVE-2021-41817
+CVE-2021-41817 [Regular Expression Denial of Service Vulnerability of Date Parsing Methods]
RESERVED
+ - ruby3.0 <unfixed>
+ - ruby2.7 <unfixed>
+ - ruby2.5 <removed>
+ - ruby2.3 <removed>
+ NOTE: Fixed in Ruby 3.0.3, 2.7.5, 2.6.9
+ NOTE: https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/
+ NOTE: Fixed by: https://github.com/ruby/date/commit/3959accef8da5c128f8a8e2fd54e932a4fb253b0 (v3.2.2)
+ NOTE: Followups to mimic previous behaviour:
+ NOTE: https://github.com/ruby/date/commit/8f2d7a0c7e52cea8333824bd527822e5449ed83d (v3.2.2)
+ NOTE: https://github.com/ruby/date/commit/376c65942bd1d81803f14d37351737df60ec4664 (v3.2.2)
CVE-2021-41816
RESERVED
CVE-2021-41815

© 2014-2024 Faster IT GmbH | imprint | privacy policy