Overview

File _patchinfo of Package patchinfo.38330

<patchinfo incident="38330">
  <issue tracker="bnc" id="1237804">VUL-0: CVE-2025-27219: ruby: denial of service in CGI::Cookie.parse</issue>
  <issue tracker="bnc" id="1237806">VUL-0: CVE-2025-27220: ruby: ReDoS in CGI::Util#escapeElement</issue>
  <issue tracker="bnc" id="1230930">VUL-0: CVE-2024-47220: ruby,ruby2.1,ruby2.5,ruby3.2: WEBrick: HTTP request smuggling</issue>
  <issue tracker="bnc" id="1235773">yast sap_ha should check if HDB is running on primary</issue>
  <issue tracker="cve" id="2024-47220"/>
  <issue tracker="cve" id="2025-27220"/>
  <issue tracker="cve" id="2025-27219"/>
  <packager>srbaker</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for ruby2.5</summary>
  <description>This update for ruby2.5 fixes the following issues:

- CVE-2025-27219: Fixed denial of service in CGI::Cookie.parse (bsc#1237804)    
- CVE-2025-27220: Fixed ReDoS in CGI::Util#escapeElement (bsc#1237806)
 
Other fixes:
- Improved fix for CVE-2024-47220 (bsc#1230930, bsc#1235773) 
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places