Back to bug 1301946
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-01-26 12:21:51 UTC | Depends On | 1301947 | |
| Adam Mariš | 2016-01-26 12:21:59 UTC | Depends On | 1301948 | |
| Adam Mariš | 2016-01-26 13:36:49 UTC | Summary | CVE-2016-0751 rubygem-rails: Possible Object Leak and Denial of Service attack in Action Pack | CVE-2016-0751 rubygem-actionpack: Possible Object Leak and Denial of Service attack in Action Pack |
| | | Whiteboard | impact=moderate,public=20160125,reported=20160122,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,sam-1/rubygem-rails=new,sam-1/ruby193-rubygem-rails=new,cfme-5.2/ruby193-rubygem-rails=new,cfme-5.3/ruby193-rubygem-rails=new,rhscl-2/rh-ror41-ruby193-rubygem-rails=new,rhscl-2/ror40-rubygem-rails=new,rhscl-2/ruby193-rubygem-rails=new,openshift-1/ruby193-rubygem-rails=affected,fedora-all/rubygem-rails=affected | impact=moderate,public=20160125,reported=20160122,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,sam-1/rubygem-actionpack=new,sam-1/ruby193-rubygem-actionpack=new,cfme-5.2/ruby193-rubygem-actionpack=new,cfme-5.3/ruby193-rubygem-actionpack=new,rhscl-2/rh-ror41-rubygem-actionpack=new,rhscl-2/ror40-rubygem-actionpack=new,rhscl-2/ruby193-rubygem-actionpack=new,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionpack=affected |
| Adam Mariš | 2016-01-26 13:59:42 UTC | Depends On | 1302002 | |
| Adam Mariš | 2016-01-26 14:08:28 UTC | Blocks | 1302006 | |
| Tomas Hoger | 2016-02-05 14:43:58 UTC | Fixed In Version | rubygem-rails 5.0.0.beta1.1, rubygem-rails 4.2.5.1, rubygem-rails 4.1.14.1, rubygem-rails 3.2.22.1 | rubygem-actionpack 5.0.0.beta1.1, rubygem-actionpack 4.2.5.1, rubygem-actionpack 4.1.14.1, rubygem-actionpack 3.2.22.1 |
| | | Summary | CVE-2016-0751 rubygem-actionpack: Possible Object Leak and Denial of Service attack in Action Pack | CVE-2016-0751 rubygem-actionpack: possible object leak and denial of service attack in Action Pack |
| Tomas Hoger | 2016-02-05 14:45:55 UTC | Whiteboard | impact=moderate,public=20160125,reported=20160122,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,sam-1/rubygem-actionpack=new,sam-1/ruby193-rubygem-actionpack=new,cfme-5.2/ruby193-rubygem-actionpack=new,cfme-5.3/ruby193-rubygem-actionpack=new,rhscl-2/rh-ror41-rubygem-actionpack=new,rhscl-2/ror40-rubygem-actionpack=new,rhscl-2/ruby193-rubygem-actionpack=new,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionpack=affected | impact=moderate,public=20160125,reported=20160122,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionpack=affected,sam-1/rubygem-actionpack=new,sam-1/ruby193-rubygem-actionpack=new,cfme-5.2/ruby193-rubygem-actionpack=new,cfme-5.3/ruby193-rubygem-actionpack=new,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionpack=affected |
| Ján Rusnačko | 2016-02-09 13:52:06 UTC | CC | jrusnack | |
| | | Doc Text | A flaw was found in a way Rails performed MIME types lookups. Since queries were cached in a global cache of mime types, attacker could use this flaw to grow the cache indefinitely, potentially resulting in denial of service. | |
| | | Whiteboard | impact=moderate,public=20160125,reported=20160122,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionpack=affected,sam-1/rubygem-actionpack=new,sam-1/ruby193-rubygem-actionpack=new,cfme-5.2/ruby193-rubygem-actionpack=new,cfme-5.3/ruby193-rubygem-actionpack=new,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionpack=affected | impact=moderate,public=20160125,reported=20160122,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionpack=affected,sam-1/rubygem-actionpack=wontfix,sam-1/ruby193-rubygem-actionpack=wontfix,cfme-5.2/ruby193-rubygem-actionpack=affected,cfme-5.3/ruby193-rubygem-actionpack=affected,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionpack=affected |
| Tomas Hoger | 2016-02-10 13:30:06 UTC | Depends On | 1306275 | |
| Tomas Hoger | 2016-02-10 13:30:13 UTC | Depends On | 1306276 | |
| Tomas Hoger | 2016-02-10 13:30:19 UTC | Depends On | 1306277 | |
| Tomas Hoger | 2016-02-10 13:30:27 UTC | Depends On | 1306278 | |
| Tomas Hoger | 2016-02-10 13:30:31 UTC | Depends On | 1306279 | |
| Tomas Hoger | 2016-02-10 13:30:41 UTC | Depends On | 1306281 | |
| Ján Rusnačko | 2016-02-10 15:04:45 UTC | Whiteboard | impact=moderate,public=20160125,reported=20160122,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionpack=affected,sam-1/rubygem-actionpack=wontfix,sam-1/ruby193-rubygem-actionpack=wontfix,cfme-5.2/ruby193-rubygem-actionpack=affected,cfme-5.3/ruby193-rubygem-actionpack=affected,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionpack=affected | impact=moderate,public=20160125,reported=20160122,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionpack=affected,sam-1/rubygem-actionpack=wontfix,sam-1/ruby193-rubygem-actionpack=wontfix,cfme-5.2/ruby193-rubygem-actionpack=wontfix,cfme-5.3/ruby193-rubygem-actionpack=wontfix,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionpack=affected |
| Joe Rafaniello | 2016-02-10 15:54:41 UTC | CC | jrafanie | |
| Summer Long | 2016-02-17 01:07:18 UTC | CC | slong | |
| | | Doc Text | A flaw was found in a way Rails performed MIME types lookups. Since queries were cached in a global cache of mime types, attacker could use this flaw to grow the cache indefinitely, potentially resulting in denial of service. | An input-validation flaw was found in the way Rails performed MIME types lookups. Since queries are stored in a global cache of mime types, a remote attacker could use this flaw to indefinitely grow the cache, potentially resulting in denial of service. |
| Martin Prpič | 2016-02-24 09:31:54 UTC | Doc Text | An input-validation flaw was found in the way Rails performed MIME types lookups. Since queries are stored in a global cache of mime types, a remote attacker could use this flaw to indefinitely grow the cache, potentially resulting in denial of service. | A flaw was found in the way the Action Pack component performed MIME type lookups. Since queries were cached in a global cache of MIME types, an attacker could use this flaw to grow the cache indefinitely, potentially resulting in a denial of service. |
| Tomas Hoger | 2016-03-15 21:03:48 UTC | Whiteboard | impact=moderate,public=20160125,reported=20160122,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionpack=affected,sam-1/rubygem-actionpack=wontfix,sam-1/ruby193-rubygem-actionpack=wontfix,cfme-5.2/ruby193-rubygem-actionpack=wontfix,cfme-5.3/ruby193-rubygem-actionpack=wontfix,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionpack=affected | impact=moderate,public=20160125,reported=20160122,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cwe=CWE-770,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionpack=affected,sam-1/rubygem-actionpack=wontfix,sam-1/ruby193-rubygem-actionpack=wontfix,cfme-5.2/ruby193-rubygem-actionpack=wontfix,cfme-5.3/ruby193-rubygem-actionpack=wontfix,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionpack=affected |
| Tomas Hoger | 2016-03-15 21:22:43 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2016-03-15 17:22:43 UTC | |
| Product Security DevOps Team | 2019-09-29 13:43:28 UTC | Whiteboard | impact=moderate,public=20160125,reported=20160122,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cwe=CWE-770,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionpack=affected,sam-1/rubygem-actionpack=wontfix,sam-1/ruby193-rubygem-actionpack=wontfix,cfme-5.2/ruby193-rubygem-actionpack=wontfix,cfme-5.3/ruby193-rubygem-actionpack=wontfix,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionpack=affected | |
| Ondrej Soukup | 2021-06-02 06:20:48 UTC | CC | osoukup | |