File _patchinfo of Package patchinfo.37643

<patchinfo incident="37643">
  <category>security</category>
  <rating>important</rating>
  <packager>msmeissn</packager>
  <summary>Security update for ruby2.5</summary>
<description>
This update for ruby2.5 fixes the following issues:

- CVE-2024-47220: Fixed an HTTP request smuggling attack in WEBrick (bsc#1230930)
- CVE-2024-49761: Fixed a ReDoS vulnerability in ruby rexml (bsc#1232440)

Other fixes:

- [ruby/uri] Fix quadratic backtracking on invalid relative URI
- [ruby/time] Make RFC2822 regexp linear
- [ruby/time] Fix quadratic backtracking on invalid time
- merge some parts of CGI 0.1.1

</description>
  <issue id="2024-47220" tracker="cve"/>
  <issue id="1230930" tracker="bnc">VUL-0: CVE-2024-47220: ruby,ruby2.1,ruby2.5,ruby3.2: WEBrick: HTTP request smuggling</issue>
  <issue id="2024-49761" tracker="cve"/>
  <issue id="1232440" tracker="bnc">VUL-0: CVE-2024-49761: rubygem-rexml: ReDoS vulnerability</issue>
</patchinfo>