Back to bug 1310043

Who | When | What | Removed | Added
Adam Mariš | 2016-02-19 10:20:52 UTC | CC | | security-response-team
Red Hat Bugzilla | 2016-02-19 10:20:52 UTC | Doc Type | --- | Bug Fix
Adam Mariš | 2016-02-19 10:47:16 UTC | Blocks | | 1310055
Tomas Hoger | 2016-02-19 20:07:07 UTC | Fixed In Version | rubygem-actionview 3.2.22.2 | rubygem-actionpack 3.2.22.2
Tomas Hoger | 2016-02-19 20:07:07 UTC | Summary | EMBARGOED CVE-2016-2097 rubygem-actionview, rubygem-actionpack: Directory traversal and information leak in Action View | EMBARGOED CVE-2016-2097 rubygem-actionpack: Directory traversal and information leak in Action View
Tomas Hoger | 2016-02-19 20:09:43 UTC | Whiteboard | impact=important,public=no,reported=20160218,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-22,rhscl-2/ruby193-rubygem-actionpack=new,rhscl-2/ror40-rubygem-actionpack=new,rhscl-2/rh-ror41-rubygem-actionpack=new,rhscl-2/rh-ror41-rubygem-actionview=new,sam-1/rubygem-actionpack=new,sam-1/ruby193-rubygem-actionpack=new,cfme-5.2/ruby193-rubygem-actionpack=new,cfme-5.3/ruby193-rubygem-actionpack=new,openshift-1/ruby193-rubygem-actionpack=new,fedora-all/rubygem-actionview=notaffected | impact=important,public=no,reported=20160218,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-22,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=notaffected,rhscl-2/rh-ror41-rubygem-actionpack=notaffected,rhscl-2/rh-ror41-rubygem-actionview=notaffected,sam-1/rubygem-actionpack=wontfix,sam-1/ruby193-rubygem-actionpack=wontfix,cfme-5.2/ruby193-rubygem-actionpack=wontfix,cfme-5.3/ruby193-rubygem-actionpack=wontfix,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionview=notaffected
Tomas Hoger | 2016-02-19 20:14:27 UTC | Whiteboard | impact=important,public=no,reported=20160218,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-22,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=notaffected,rhscl-2/rh-ror41-rubygem-actionpack=notaffected,rhscl-2/rh-ror41-rubygem-actionview=notaffected,sam-1/rubygem-actionpack=wontfix,sam-1/ruby193-rubygem-actionpack=wontfix,cfme-5.2/ruby193-rubygem-actionpack=wontfix,cfme-5.3/ruby193-rubygem-actionpack=wontfix,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionview=notaffected | impact=important,public=no,reported=20160218,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-22,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionpack=notaffected,rhscl-2/rh-ror41-rubygem-actionview=notaffected,sam-1/rubygem-actionpack=wontfix,sam-1/ruby193-rubygem-actionpack=wontfix,cfme-5.2/ruby193-rubygem-actionpack=wontfix,cfme-5.3/ruby193-rubygem-actionpack=wontfix,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionview=notaffected
Tomas Hoger | 2016-02-19 20:15:46 UTC | Depends On | | 1310233
Tomas Hoger | 2016-02-19 20:15:53 UTC | Depends On | | 1310234
Tomas Hoger | 2016-02-19 20:16:01 UTC | Depends On | | 1310235
Tomas Hoger | 2016-02-19 20:16:08 UTC | Depends On | | 1310236
Adam Mariš | 2016-02-22 10:22:54 UTC | Whiteboard | impact=important,public=no,reported=20160218,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-22,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionpack=notaffected,rhscl-2/rh-ror41-rubygem-actionview=notaffected,sam-1/rubygem-actionpack=wontfix,sam-1/ruby193-rubygem-actionpack=wontfix,cfme-5.2/ruby193-rubygem-actionpack=wontfix,cfme-5.3/ruby193-rubygem-actionpack=wontfix,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionview=notaffected | impact=important,public=20160223,reported=20160218,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-22,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionpack=notaffected,rhscl-2/rh-ror41-rubygem-actionview=notaffected,sam-1/rubygem-actionpack=wontfix,sam-1/ruby193-rubygem-actionpack=wontfix,cfme-5.2/ruby193-rubygem-actionpack=wontfix,cfme-5.3/ruby193-rubygem-actionpack=wontfix,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionview=notaffected
Adam Mariš | 2016-03-01 14:07:44 UTC | Fixed In Version | rubygem-actionpack 3.2.22.2 | rubygem-actionpack 3.2.22.2, rubygem-actionpack 4.1.14.2
Adam Mariš | 2016-03-01 14:07:44 UTC | Whiteboard | impact=important,public=20160223,reported=20160218,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-22,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionpack=notaffected,rhscl-2/rh-ror41-rubygem-actionview=notaffected,sam-1/rubygem-actionpack=wontfix,sam-1/ruby193-rubygem-actionpack=wontfix,cfme-5.2/ruby193-rubygem-actionpack=wontfix,cfme-5.3/ruby193-rubygem-actionpack=wontfix,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionview=notaffected | impact=important,public=20160229,reported=20160218,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-22,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionpack=notaffected,rhscl-2/rh-ror41-rubygem-actionview=notaffected,sam-1/rubygem-actionpack=wontfix,sam-1/ruby193-rubygem-actionpack=wontfix,cfme-5.2/ruby193-rubygem-actionpack=wontfix,cfme-5.3/ruby193-rubygem-actionpack=wontfix,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionview=affected
Adam Mariš | 2016-03-01 14:09:01 UTC | Attachment #1128503 Attachment is obsolete | 0 | 1
Adam Mariš | 2016-03-01 14:12:28 UTC | Summary | EMBARGOED CVE-2016-2097 rubygem-actionpack: Directory traversal and information leak in Action View | CVE-2016-2097 rubygem-actionpack: Directory traversal and information leak in Action View
Adam Mariš | 2016-03-01 14:12:35 UTC | Group | security, qe_staff |
Adam Mariš | 2016-03-01 14:14:20 UTC | Depends On | | 1313385
Adam Mariš | 2016-03-01 14:14:29 UTC | Depends On | | 1313386
Ján Rusnačko | 2016-03-04 15:12:27 UTC | CC | | jrusnack
Ján Rusnačko | 2016-03-04 15:13:53 UTC | Doc Text | | An incomplete fix was found for directory traversal flaw in Action View. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this to render unexpected files and, possibly, execute arbitrary code.
Tomas Hoger | 2016-03-08 12:19:07 UTC | Whiteboard | impact=important,public=20160229,reported=20160218,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-22,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionpack=notaffected,rhscl-2/rh-ror41-rubygem-actionview=notaffected,sam-1/rubygem-actionpack=wontfix,sam-1/ruby193-rubygem-actionpack=wontfix,cfme-5.2/ruby193-rubygem-actionpack=wontfix,cfme-5.3/ruby193-rubygem-actionpack=wontfix,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionview=affected | impact=important,public=20160229,reported=20160218,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-22,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionview=affected,sam-1/rubygem-actionpack=wontfix,sam-1/ruby193-rubygem-actionpack=wontfix,cfme-5.2/ruby193-rubygem-actionpack=wontfix,cfme-5.3/ruby193-rubygem-actionpack=wontfix,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionview=notaffected
Tomas Hoger | 2016-03-08 12:30:00 UTC | Fixed In Version | rubygem-actionpack 3.2.22.2, rubygem-actionpack 4.1.14.2 | rubygem-actionpack 3.2.22.2, rubygem-actionview 4.1.14.2
Tomas Hoger | 2016-03-08 12:30:00 UTC | Summary | CVE-2016-2097 rubygem-actionpack: Directory traversal and information leak in Action View | CVE-2016-2097 rubygem-actionview, rubygem-actionpack: directory traversal in Action View, incomplete CVE-2016-0752 fix
Tomas Hoger | 2016-03-08 12:39:42 UTC | Depends On | | 1315704
Tomas Hoger | 2016-03-08 12:39:49 UTC | Depends On | | 1315705
Joe Rafaniello | 2016-03-08 14:18:25 UTC | CC | | jrafanie
Summer Long | 2016-03-11 01:01:28 UTC | CC | | slong
Summer Long | 2016-03-11 01:01:28 UTC | Doc Text | An incomplete fix was found for directory traversal flaw in Action View. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this to render unexpected files and, possibly, execute arbitrary code. | A path-traversal vulnerability was discovered in Action View. Applications that passed unverified user input to the `render` method in a controller could be vulnerable to an information leak. If an application used 'render' to pass untrusted input, a remote, unauthenticated attacker could use this flaw to render unexpected files and, possibly, execute arbitrary code.
Tomas Hoger | 2016-03-14 11:30:44 UTC | Doc Text | A path-traversal vulnerability was discovered in Action View. Applications that passed unverified user input to the `render` method in a controller could be vulnerable to an information leak. If an application used 'render' to pass untrusted input, a remote, unauthenticated attacker could use this flaw to render unexpected files and, possibly, execute arbitrary code. | A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this to render unexpected files and, possibly, execute arbitrary code.
Martin Prpič | 2016-03-14 12:37:38 UTC | Doc Text | A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this to render unexpected files and, possibly, execute arbitrary code. | A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this flaw to render unexpected files and, possibly, execute arbitrary code.
Tomas Hoger | 2016-03-15 21:20:21 UTC | Status | NEW | CLOSED
Tomas Hoger | 2016-03-15 21:20:21 UTC | Resolution | --- | ERRATA
Tomas Hoger | 2016-03-15 21:20:21 UTC | Last Closed | | 2016-03-15 17:20:21 UTC
Product Security DevOps Team | 2019-09-29 13:44:17 UTC | Whiteboard | impact=important,public=20160229,reported=20160218,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-22,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionview=affected,sam-1/rubygem-actionpack=wontfix,sam-1/ruby193-rubygem-actionpack=wontfix,cfme-5.2/ruby193-rubygem-actionpack=wontfix,cfme-5.3/ruby193-rubygem-actionpack=wontfix,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionview=notaffected |