Merged
12 changes: 11 additions & 1 deletion rubies/ruby/CVE-2008-2376.yml
@@ -1,7 +1,8 @@
---
engine: ruby
cve: 2008-2376
url: http://www.openwall.com/lists/oss-security/2008/07/02/3
ghsa: f7wf-fwmg-r7g3
url: https://nvd.nist.gov/vuln/detail/CVE-2008-2376
title: More ruby integer overflows (rb_ary_fill / Array#fill)
date: 2008-06-30
description: |
Expand All @@ -16,3 +17,12 @@ patched_versions:
- "~> 1.8.6.286"
- "~> 1.8.7.71"
- ">= 1.9.0"
related:
url:
- https://nvd.nist.gov/vuln/detail/CVE-2008-2376
- https://web.archive.org/web/20211205152129/https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?revision=17756&view=revision
- http://www.debian.org/security/2008/dsa-1612
- http://www.debian.org/security/2008/dsa-1618
- https://security.gentoo.org/glsa/200812-17
- http://www.openwall.com/lists/oss-security/2008/07/02/3
- https://github.com/advisories/GHSA-f7wf-fwmg-r7g3
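Review bot: the first entry under `related: url:` repeats the NVD link that this file now also carries as its top-level `url:`, so https://nvd.nist.gov/vuln/detail/CVE-2008-2376 is listed twice in one advisory. If the schema does not require the primary URL to be mirrored in `related`, drop the duplicate here (the same pattern recurs in the other files in this PR that point `url:` at NVD); if the duplication is intentional, please say so in the PR description.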
10 changes: 9 additions & 1 deletion rubies/ruby/CVE-2011-0188.yml
@@ -1,7 +1,8 @@
---
engine: ruby
cve: 2011-0188
url: https://github.com/ruby/ruby/commit/f83651ac30c7c776dee8a6a401c654757cb8d1c2
ghsa: 6vch-6cgr-x9c3
url: https://nvd.nist.gov/vuln/detail/CVE-2011-0188
title: Ruby memory corruption in BigDecimal on 64bit platforms
date: 2011-03-01
description: |
Expand All @@ -15,3 +16,10 @@ cvss_v2: 6.8
patched_versions:
- "~> 1.8.7.370"
- ">= 1.9.3.preview.1"
related:
url:
- https://nvd.nist.gov/vuln/detail/CVE-2011-0188
- https://github.com/ruby/ruby/commit/f83651ac30c7c776dee8a6a401c654757cb8d1c2
- https://support.apple.com/en-us/103340
- https://bugzilla.redhat.com/show_bug.cgi?id=682332
- https://github.com/advisories/GHSA-6vch-6cgr-x9c3
14 changes: 13 additions & 1 deletion rubies/ruby/CVE-2011-2686.yml
@@ -1,7 +1,8 @@
---
engine: ruby
cve: 2011-2686
url: https://osdir.com/ml/lang-ruby-core/2011-01/msg00917.html
ghsa: g8g6-3p4h-6388
url: https://nvd.nist.gov/vuln/detail/CVE-2011-2686
title: Ruby Random Number Generation Local Denial Of Service Vulnerability
date: 2011-07-02
description: |
Expand All @@ -15,3 +16,14 @@ unaffected_versions:
- "< 1.8.6.399"
patched_versions:
- ">= 1.8.7.352"
related:
url:
- https://nvd.nist.gov/vuln/detail/CVE-2011-2686
- http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released
- https://github.com/ruby/ruby/blob/v1_8_7_352/ChangeLog
- https://bugzilla.redhat.com/show_bug.cgi?id=722415
- http://www.openwall.com/lists/oss-security/2011/07/11/1
- http://www.openwall.com/lists/oss-security/2011/07/12/14
- http://www.openwall.com/lists/oss-security/2011/07/20/1
- http://www.openwall.com/lists/oss-security/2011/07/20/16
- https://github.com/advisories/GHSA-g8g6-3p4h-6388
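Review bot: the ruby-lang.org release announcement in this `related` list is referenced over `http://`, while CVE-2012-4466.yml in this same PR references www.ruby-lang.org over `https://`. Suggest switching this entry to https for consistency, and checking whether the four openwall.com entries can be switched as well.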
12 changes: 12 additions & 0 deletions rubies/ruby/CVE-2011-2705.yml
@@ -1,6 +1,7 @@
---
engine: ruby
cve: 2011-2705
ghsa: wj5x-c2v9-7wwr
url: https://redmine.ruby-lang.org/issues/4579
title: Ruby Random Number Generation Local Denial Of Service Vulnerability
date: 2011-07-02
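Review bot: this file gains `ghsa:` but keeps `url: https://redmine.ruby-lang.org/issues/4579`, whereas the other four files in this PR carry the NVD entry as their top-level `url:`. Either point `url:` at https://nvd.nist.gov/vuln/detail/CVE-2011-2705 and move the redmine issue into `related`, or note why this advisory is the exception.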
Expand All @@ -14,3 +15,14 @@ cvss_v2: 5.0
patched_versions:
- "~> 1.8.7.352"
- ">= 1.9.2.290"
related:
url:
- https://nvd.nist.gov/vuln/detail/CVE-2011-2705
- http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released
- https://github.com/ruby/ruby/blob//v1_8_7_352/ChangeLog
- https://bugzilla.redhat.com/show_bug.cgi?id=722415
- http://www.openwall.com/lists/oss-security/2011/07/12/14
- http://www.openwall.com/lists/oss-security/2011/07/11/1
- http://www.openwall.com/lists/oss-security/2011/07/20/1
- http://www.openwall.com/lists/oss-security/2011/07/20/16
- https://github.com/advisories/GHSA-wj5x-c2v9-7wwr
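Review bot: the ChangeLog link in this `related` list has a doubled slash, `https://github.com/ruby/ruby/blob//v1_8_7_352/ChangeLog`; CVE-2011-2686.yml in this PR writes the same link as `blob/v1_8_7_352/ChangeLog`. Please remove the extra slash. The oss-security entries for 2011/07/11 and 2011/07/12 are also in the opposite order from that file; matching the order would make the two lists easier to compare.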
13 changes: 12 additions & 1 deletion rubies/ruby/CVE-2012-4466.yml
@@ -1,7 +1,8 @@
---
engine: ruby
cve: 2012-4466
url: https://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/
ghsa: gm9g-777x-3fp6
url: https://nvd.nist.gov/vuln/detail/CVE-2012-4466
title: Ruby name_err_mesg_to_str Method Safe Level Security Bypass
date: 2012-10-12
description: |
Expand All @@ -14,3 +15,13 @@ cvss_v2: 5.0
patched_versions:
- "~> 1.8.7.371"
- ">= 1.9.3.286"
related:
url:
- https://nvd.nist.gov/vuln/detail/CVE-2012-4466
- https://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466
- https://web.archive.org/web/20210120155544/https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068
- http://www.openwall.com/lists/oss-security/2012/10/02/4
- http://www.openwall.com/lists/oss-security/2012/10/03/9
- https://bugzilla.redhat.com/show_bug.cgi?id=862614
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294
- https://github.com/advisories/GHSA-gm9g-777x-3fp6