FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-01-17 01:42:47 UTC


k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
cc9043cf-7f7a-426e-b2cc-8d1980618113 | ruby -- Heap Overflow in Floating Point Parsing

Ruby developers report:

Any time a string is converted to a floating point value, a specially crafted string can cause a heap overflow. This can lead to a denial of service attack via segmentation faults and possibly arbitrary code execution. Any program that converts input of unknown origin to floating point values (especially common when accepting JSON) is vulnerable.


Discovery 2013-11-22
Entry 2013-11-23

ruby19 < 1.9.3.484,1
ruby20 < 2.0.0.353,1

https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released/
https://www.ruby-lang.org/en/news/2013/11/22/ruby-2-0-0-p353-is-released/
CVE-2013-4164
d4379f59-3e9b-49eb-933b-61de4d0b0fdb | Ruby -- OpenSSL Hostname Verification Vulnerability

Ruby Developers report:

After reviewing RFC 6125 and RFC 5280, we found multiple violations of matching hostnames and particularly wildcard certificates.

Ruby’s OpenSSL extension will now provide a string-based matching algorithm which follows more strict behavior, as recommended by these RFCs. In particular, matching of more than one wildcard per subject/SAN is no longer allowed. As well, comparison of these values is now case-insensitive.


Discovery 2015-04-13
Entry 2015-04-14
Modified 2015-09-23

ruby, ruby20 >= 2.0,1 < 2.0.0.645,1
ruby, ruby21 >= 2.1,1 < 2.1.6,1
ruby, ruby22 >= 2.2,1 < 2.2.2,1

https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/
CVE-2015-1855