ruby-bundler: CVE-2019-3881 #2248

l2dy · 2020-08-03T17:47:49Z

CVE IDs: CVE-2019-3881

Other security advisory IDs: openSUSE-SU-2020:0861-1

Description:

CVE-2019-3881: Fixed insecure permissions on a directory in /tmp/ that
allowed malicious code execution (bsc#1143436).

Patches: from openSUSE or Debian

PoC(s): N/A

Architectural progress (Mainline):

The text was updated successfully, but these errors were encountered:

MingcongBai · 2020-08-26T05:51:15Z

Might have to delay this, since we build from .gem files and there's no clean way to patch them.

MingcongBai · 2021-03-19T06:16:22Z

All done. @l2dy Please assign an AOSA.

l2dy · 2021-03-21T13:39:27Z

Use AOSA-2021-0051.

l2dy added security Topic/issue involves a security issue/fixed to-stable labels Aug 3, 2020

MingcongBai added the stalled Topic/issue has stalled label Aug 26, 2020

MingcongBai added a commit that referenced this issue Mar 15, 2021

ruby-bundler: update to 2.1.4; #2248

83695f5

MingcongBai mentioned this issue Mar 16, 2021

Security Updates Survey on 20210314 #2865

Merged

10 tasks

MingcongBai added a commit that referenced this issue Mar 19, 2021

ruby-bundler: update to 2.1.4; #2248

ee84e4a

MingcongBai closed this as completed Mar 19, 2021

Provide feedback