From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on starla X-Spam-Level: X-Spam-Status: No, score=0.1 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_BL_SPAMCOP_NET,SPF_HELO_PASS, SPF_PASS autolearn=no autolearn_force=no version=3.4.6 Received: from nue.mailmanlists.eu (nue.mailmanlists.eu [94.130.110.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by dcvr.yhbt.net (Postfix) with ESMTPS id 7C6801F44D for ; Thu, 21 Mar 2024 07:07:20 +0000 (UTC) Authentication-Results: dcvr.yhbt.net; dkim=pass (1024-bit key; secure) header.d=ml.ruby-lang.org header.i=@ml.ruby-lang.org header.a=rsa-sha256 header.s=mail header.b=UaEKDdPC; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=ruby-lang.org header.i=@ruby-lang.org header.a=rsa-sha256 header.s=s1 header.b=GvH0gcTG; dkim-atps=neutral Received: from nue.mailmanlists.eu (localhost [127.0.0.1]) by nue.mailmanlists.eu (Postfix) with ESMTP id 800478369D; Thu, 21 Mar 2024 07:07:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ml.ruby-lang.org; s=mail; t=1711004833; bh=uHpmcuOYkt24o3mjmC0L/2AmeBBCjGUQHG4qY8GW34o=; h=Date:References:To:Reply-To:Subject:List-Id:List-Archive: List-Help:List-Owner:List-Post:List-Subscribe:List-Unsubscribe: From:Cc:From; b=UaEKDdPC7785U3Ba8JmzwK33y/I1xdzeWNUts5D0HpvH6qZxkB7x5L6Fq8tpMNdOM AaMR3gma0kJwTj6goZRXktTEUWy/O4GkUBMn6X8MAjZ0EJiL+xIhTgXjDeWltPH5Aq G8LAo2k30seJbJfIkMg3gNpwUdf5prR+5r68JZzE= Received: from s.csnrwnwx.outbound-mail.sendgrid.net (s.csnrwnwx.outbound-mail.sendgrid.net [198.37.146.154]) by nue.mailmanlists.eu (Postfix) with ESMTPS id B8C86834F2 for ; Thu, 21 Mar 2024 07:07:09 +0000 (UTC) Authentication-Results: nue.mailmanlists.eu; dkim=pass (2048-bit key; unprotected) header.d=ruby-lang.org header.i=@ruby-lang.org header.a=rsa-sha256 header.s=s1 header.b=GvH0gcTG; dkim-atps=neutral DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ruby-lang.org; h=from:references:subject:mime-version:content-type: content-transfer-encoding:list-id:to:cc:content-type:from:subject:to; s=s1; bh=mPLqD3Kn3oOYVezjjoJo6ANIlpvCZoPVB4wT5b6g1Y0=; b=GvH0gcTGoPeU0eiYFfwY+DWNIZ4SFqhZ7OqZi8A4psTKbsDR23wB/9q/VbdQEPTrnveS pj/GS2qB8rYVvMAEa5im0JKOWGdy0FXwki55c/FVkVjoVLlq1eKuwtdoUEU4uZMsP5zYeT qd6ng6J+TSw4vIGWJOxgwPTf4w9Kk6gE722FnL3AuawAHmxK8qcRzkC2YZXu7AqoVJGiTu NY3wZAngZpbgLMTVEpsKzbMy8mSifjHzdZQw38kXfnyfD6KywVqX1ZuPZ33ZRSRGUcPVd6 rgKrtwrHfh+D0tCJrcdjhvCr4kdrmnDDqaQX/jYLjJg/XKpJ9cA/TmKIAnoSWt6Q== Received: by recvd-7fc89fc779-6297c with SMTP id recvd-7fc89fc779-6297c-1-65FBDC9B-17 2024-03-21 07:07:07.802769794 +0000 UTC m=+209250.938865837 Received: from herokuapp.com (unknown) by geopod-ismtpd-26 (SG) with ESMTP id y3qMWd2FQvmLH_HFLCwaow for ; Thu, 21 Mar 2024 07:07:07.731 +0000 (UTC) Date: Thu, 21 Mar 2024 07:07:07 +0000 (UTC) Message-ID: References: Mime-Version: 1.0 X-Redmine-Project: ruby-master X-Redmine-Issue-Tracker: Bug X-Redmine-Issue-Id: 20386 X-Redmine-Issue-Author: hsbt X-Redmine-Issue-Priority: Normal X-Redmine-Sender: hsbt X-Mailer: Redmine X-Redmine-Host: bugs.ruby-lang.org X-Redmine-Site: Ruby Issue Tracking System X-Auto-Response-Suppress: All Auto-Submitted: auto-generated X-Redmine-MailingListIntegration-Message-Ids: 93880 X-SG-EID: =?us-ascii?Q?u001=2ESNtsfy=2FRYrUmxOeGSN+Ah1new64UppKFg8YOAgra6KK6sIhqEP6LswYh4?= =?us-ascii?Q?tCf2AhAD20FCmXanLCSpdJ9Heq83FKB1eeA=2FIRz?= =?us-ascii?Q?=2FUFVHcMb3GMD9lqOCGiSA+7OTMzyEoyT1EUIiyS?= =?us-ascii?Q?qhn2eONk6TgTP6lcrztomjDOc50KhFHS5OH8zAM?= =?us-ascii?Q?mv8+eKp7lKuQ926LE8k6WXu1Y+=2FQ8jyoo+VmMnS?= =?us-ascii?Q?8RGnV7BWsueCulXF+TGY855XlXaLDA7objEyoFe?= =?us-ascii?Q?RahN4GeZRmOez0inwT=2FabMDsTg=3D=3D?= To: ruby-core@ml.ruby-lang.org X-Entity-ID: u001.I8uzylDtAfgbeCOeLBYDww== Message-ID-Hash: 4SLUGIOG5KFCDHBNA7CZLCUWUJIEFHF6 X-Message-ID-Hash: 4SLUGIOG5KFCDHBNA7CZLCUWUJIEFHF6 X-MailFrom: bounces+313651-b711-ruby-core=ml.ruby-lang.org@em5188.ruby-lang.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.3 Precedence: list Reply-To: Ruby developers Subject: [ruby-core:117281] [Ruby master Bug#20386] Backport CVE-2024-27281 List-Id: Ruby developers Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: "hsbt (Hiroshi SHIBATA) via ruby-core" Cc: "hsbt (Hiroshi SHIBATA)" Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Issue #20386 has been reported by hsbt (Hiroshi SHIBATA). ---------------------------------------- Bug #20386: Backport CVE-2024-27281 https://bugs.ruby-lang.org/issues/20386 * Author: hsbt (Hiroshi SHIBATA) * Status: Closed * Backport: 3.0: REQUIRED, 3.1: REQUIRED, 3.2: REQUIRED, 3.3: REQUIRED ---------------------------------------- I disclosed https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281/ today. We should backport fixed RDoc to all stable version. * For 3.0: https://github.com/ruby/ruby/pull/10319 * For 3.1: https://github.com/ruby/ruby/pull/10318 * For 3.2: https://github.com/ruby/ruby/pull/10317 * For 3.3: https://github.com/ruby/ruby/pull/10316 -- https://bugs.ruby-lang.org/ ______________________________________________ ruby-core mailing list -- ruby-core@ml.ruby-lang.org To unsubscribe send an email to ruby-core-leave@ml.ruby-lang.org ruby-core info -- https://ml.ruby-lang.org/mailman3/postorius/lists/ruby-core.ml.ruby-lang.org/