FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  366223
Date:      2014-08-26
Time:      16:36:41Z
Committer: rene

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
54237182-9635-4a8b-92d7-33bfaeed84cdruby-gems -- Algorithmic Complexity Vulnerability

Ruby Gem developers report:

RubyGems validates versions with a regular expression that is vulnerable to denial of service due to backtracking. For specially crafted RubyGems versions attackers can cause denial of service through CPU consumption.


Discovery 2013-09-09
Entry 2013-11-24
ruby19-gems
lt 1.8.26

ruby20-gems
lt 1.8.26

CVE-2013-4287
742eb9e4-e3cb-4f5a-b94e-0e9a39420600ruby-gems -- Algorithmic Complexity Vulnerability

Ruby Gem developers report:

The patch for CVE-2013-4363 was insufficiently verified so the combined regular expression for verifying gem version remains vulnerable following CVE-2013-4363.

RubyGems validates versions with a regular expression that is vulnerable to denial of service due to backtracking. For specially crafted RubyGems versions attackers can cause denial of service through CPU consumption.


Discovery 2013-09-24
Entry 2013-11-24
ruby19-gems
lt 1.8.27

ruby20-gems
lt 1.8.27

CVE-2013-4363