FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-24 21:00:48 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
3b50881d-1860-4721-aab1-503290e23f6c	Ruby -- unsafe tainted string vulnerability Ruby developer reports: There is an unsafe tainted string vulnerability in Fiddle and DL. This issue was originally reported and fixed with CVE-2009-5147 in DL, but reappeared after DL was reimplemented using Fiddle and libffi. And, about DL, CVE-2009-5147 was fixed at Ruby 1.9.1, but not fixed at other branches, then rubies which bundled DL except Ruby 1.9.1 are still vulnerable. Discovery 2015-12-16 Entry 2015-12-23 ruby ge 2.0.0,1 lt 2.0.0.648,1 ge 2.1.0,1 lt 2.1.8,1 ge 2.2.0,1 lt 2.2.4,1 https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/ CVE-2015-7551

VuXML ID

Description

3b50881d-1860-4721-aab1-503290e23f6c

Ruby -- unsafe tainted string vulnerability

Ruby developer reports:

There is an unsafe tainted string vulnerability in Fiddle and DL. This issue was originally reported and fixed with CVE-2009-5147 in DL, but reappeared after DL was reimplemented using Fiddle and libffi.

And, about DL, CVE-2009-5147 was fixed at Ruby 1.9.1, but not fixed at other branches, then rubies which bundled DL except Ruby 1.9.1 are still vulnerable.

Discovery 2015-12-16
Entry 2015-12-23
ruby

ge 2.0.0,1 lt 2.0.0.648,1

ge 2.1.0,1 lt 2.1.8,1

ge 2.2.0,1 lt 2.2.4,1

https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/
CVE-2015-7551