Details

    • Team:
      Night's Watch
    • Story Points:
      2
    • Sprint:
      NW - 2019-10-16
    • Release Notes:
      Security Fix
    • Release Notes Summary:
      Update ruby to 2.4.9 to address the following CVEs:
      - CVE-2019-16255: A code injection vulnerability of Shell#[] and Shell#test
      - CVE-2019-16201: Regular Expression Denial of Service vulnerability of WEBrick's Digest access authentication
      - CVE-2019-16254: HTTP response splitting in WEBrick (Additional fix)
      - CVE-2019-15845: A NUL injection vulnerability of File.fnmatch and File.fnmatch?
    • QA Risk Assessment:
      Needs Assessment

      Description

      Address the following CVEs:
      This release includes security fixes. Please check the topics below for details.

      CVE-2019-16255: A code injection vulnerability of Shell#[] and Shell#test
      CVE-2019-16254: HTTP response splitting in WEBrick (Additional fix)
      CVE-2019-15845: A NUL injection vulnerability of File.fnmatch and File.fnmatch?
      CVE-2019-16201: Regular Expression Denial of Service vulnerability of WEBrick’s Digest access authentication


            People

            • Assignee:
              gabriel.nagy Gabriel Nagy
            • Reporter:
              mihai.buzgau Mihai Buzgau