diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2021-12-01 07:46:59 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-12-01 07:46:59 +0100 |
commit | a8f8d9003721a5bf16ee5a4c286617dde659d065 (patch) | |
tree | b359a07cb153c5ec4d3e69e25a12354f74980abb | |
parent | 9134755bf9d40ef8082af12d130724a8650b27f5 (diff) |
Add CVE-2021-41817/ruby
-rw-r--r-- | data/CVE/list.2021 | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 35d6fb04f3..30be18fe1a 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -6131,8 +6131,18 @@ CVE-2021-41819 RESERVED CVE-2021-41818 RESERVED -CVE-2021-41817 +CVE-2021-41817 [Regular Expression Denial of Service Vulnerability of Date Parsing Methods] RESERVED + - ruby3.0 <unfixed> + - ruby2.7 <unfixed> + - ruby2.5 <removed> + - ruby2.3 <removed> + NOTE: Fixed in Ruby 3.0.3, 2.7.5, 2.6.9 + NOTE: https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/ + NOTE: Fixed by: https://github.com/ruby/date/commit/3959accef8da5c128f8a8e2fd54e932a4fb253b0 (v3.2.2) + NOTE: Followups to mimic previous behaviour: + NOTE: https://github.com/ruby/date/commit/8f2d7a0c7e52cea8333824bd527822e5449ed83d (v3.2.2) + NOTE: https://github.com/ruby/date/commit/376c65942bd1d81803f14d37351737df60ec4664 (v3.2.2) CVE-2021-41816 RESERVED CVE-2021-41815 |