Fedora 33: rubygem-addressable 2021-e9fc035565
Summary
Addressable is an alternative implementation to the URI implementation that is
part of Ruby's standard library. It is flexible, offers heuristic parsing, and
additionally provides extensive support for IRIs and URI templates.
A security flaw was found on rubygem-addressable that a crafted template may
cause DOS. This issue is now assinged as CVE-2021-32740. This new rpm should fix
this issue.
* Sun Aug 8 2021 Mamoru TASAKA
- Upstream patch for CVE-2021-32740 (bug 1979702)
* Fri Jul 23 2021 Fedora Release Engineering
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Wed Jan 27 2021 Fedora Release Engineering
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
[ 1 ] Bug #1979703 - CVE-2021-32740 rubygem-addressable: ReDoS in templates [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1979703
su -c 'dnf upgrade --advisory FEDORA-2021-e9fc035565' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
FEDORA-2021-e9fc035565 2021-08-27 18:55:25.463057 Product : Fedora 33 Version : 2.7.0 Release : 5.fc33 URL : https://github.com/sporkmonger/addressable Summary : URI Implementation Description : Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. It is flexible, offers heuristic parsing, and additionally provides extensive support for IRIs and URI templates. A security flaw was found on rubygem-addressable that a crafted template may cause DOS. This issue is now assinged as CVE-2021-32740. This new rpm should fix this issue. * Sun Aug 8 2021 Mamoru TASAKA - 2.7.0-5 - Upstream patch for CVE-2021-32740 (bug 1979702) * Fri Jul 23 2021 Fedora Release Engineering - 2.7.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Wed Jan 27 2021 Fedora Release Engineering - 2.7.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild [ 1 ] Bug #1979703 - CVE-2021-32740 rubygem-addressable: ReDoS in templates [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1979703 su -c 'dnf upgrade --advisory FEDORA-2021-e9fc035565' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Change Log
References