Back to bug 1310054
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-02-19 10:38:20 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-02-19 10:38:20 UTC | Doc Type | --- | Bug Fix |
| Adam Mariš | 2016-02-19 10:47:08 UTC | Blocks | 1310055 | |
| Tomas Hoger | 2016-02-19 20:12:28 UTC | Whiteboard | impact=important,public=no,reported=20160218,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-94,sam-1/rubygem-actionpack=new,sam-1/ruby193-rubygem-actionpack=new,cfme-5.2/ruby193-rubygem-actionpack=new,cfme-5.3/ruby193-rubygem-actionpack=new,rhscl-2/ruby193-rubygem-actionpack=new,rhscl-2/ror40-rubygem-actionpack=new,rhscl-2/rh-ror41-rubygem-actionpack=new,openshift-1/ruby193-rubygem-actionpack=new,epel-5/rubygem-actionpack=affected | impact=important,public=no,reported=20160218,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-94,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionpack=notaffected,sam-1/rubygem-actionpack=new,sam-1/ruby193-rubygem-actionpack=new,cfme-5.2/ruby193-rubygem-actionpack=new,cfme-5.3/ruby193-rubygem-actionpack=new,openshift-1/ruby193-rubygem-actionpack=new,fedora-all/rubygem-actionpack=notaffected,epel-5/rubygem-actionpack=affected |
| Tomas Hoger | 2016-02-19 20:15:46 UTC | Depends On | 1310233 | |
| Tomas Hoger | 2016-02-19 20:15:53 UTC | Depends On | 1310234 | |
| Tomas Hoger | 2016-02-19 20:16:01 UTC | Depends On | 1310235 | |
| Tomas Hoger | 2016-02-19 20:16:08 UTC | Depends On | 1310236 | |
| Adam Mariš | 2016-02-22 10:22:41 UTC | Whiteboard | impact=important,public=no,reported=20160218,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-94,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionpack=notaffected,sam-1/rubygem-actionpack=new,sam-1/ruby193-rubygem-actionpack=new,cfme-5.2/ruby193-rubygem-actionpack=new,cfme-5.3/ruby193-rubygem-actionpack=new,openshift-1/ruby193-rubygem-actionpack=new,fedora-all/rubygem-actionpack=notaffected,epel-5/rubygem-actionpack=affected | impact=important,public=20160223,reported=20160218,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-94,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionpack=notaffected,sam-1/rubygem-actionpack=new,sam-1/ruby193-rubygem-actionpack=new,cfme-5.2/ruby193-rubygem-actionpack=new,cfme-5.3/ruby193-rubygem-actionpack=new,openshift-1/ruby193-rubygem-actionpack=new,fedora-all/rubygem-actionpack=notaffected,epel-5/rubygem-actionpack=affected |
| Adam Mariš | 2016-03-01 13:51:09 UTC | Attachment #1128508 Attachment is obsolete | 0 | 1 |
| Adam Mariš | 2016-03-01 14:00:29 UTC | Whiteboard | impact=important,public=20160223,reported=20160218,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-94,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionpack=notaffected,sam-1/rubygem-actionpack=new,sam-1/ruby193-rubygem-actionpack=new,cfme-5.2/ruby193-rubygem-actionpack=new,cfme-5.3/ruby193-rubygem-actionpack=new,openshift-1/ruby193-rubygem-actionpack=new,fedora-all/rubygem-actionpack=notaffected,epel-5/rubygem-actionpack=affected | impact=important,public=20160229,reported=20160218,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-94,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionpack=notaffected,sam-1/rubygem-actionpack=new,sam-1/ruby193-rubygem-actionpack=new,cfme-5.2/ruby193-rubygem-actionpack=new,cfme-5.3/ruby193-rubygem-actionpack=new,openshift-1/ruby193-rubygem-actionpack=new,fedora-all/rubygem-actionpack=notaffected,epel-5/rubygem-actionpack=affected |
| Adam Mariš | 2016-03-01 14:00:35 UTC | Summary | EMBARGOED CVE-2016-2098 rubygem-actionpack: Code injection vulnerability in Action Pack | CVE-2016-2098 rubygem-actionpack: Code injection vulnerability in Action Pack |
| Adam Mariš | 2016-03-01 14:00:43 UTC | Group | security, qe_staff | |
| Adam Mariš | 2016-03-01 14:05:53 UTC | Fixed In Version | rubygem-actionpack 3.2.22.2 | rubygem-actionpack 3.2.22.2, rubygem-actionpack 4.1.14.2, rubygem-actionpack 4.2.5.2 |
| Adam Mariš | 2016-03-01 14:05:53 UTC | Whiteboard | impact=important,public=20160229,reported=20160218,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-94,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionpack=notaffected,sam-1/rubygem-actionpack=new,sam-1/ruby193-rubygem-actionpack=new,cfme-5.2/ruby193-rubygem-actionpack=new,cfme-5.3/ruby193-rubygem-actionpack=new,openshift-1/ruby193-rubygem-actionpack=new,fedora-all/rubygem-actionpack=notaffected,epel-5/rubygem-actionpack=affected | impact=important,public=20160229,reported=20160218,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-94,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionpack=notaffected,sam-1/rubygem-actionpack=new,sam-1/ruby193-rubygem-actionpack=new,cfme-5.2/ruby193-rubygem-actionpack=new,cfme-5.3/ruby193-rubygem-actionpack=new,openshift-1/ruby193-rubygem-actionpack=new,fedora-all/rubygem-actionpack=affected,epel-5/rubygem-actionpack=affected |
| Adam Mariš | 2016-03-01 14:14:59 UTC | Depends On | 1313387 | |
| Adam Mariš | 2016-03-01 14:16:04 UTC | Whiteboard | impact=important,public=20160229,reported=20160218,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-94,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionpack=notaffected,sam-1/rubygem-actionpack=new,sam-1/ruby193-rubygem-actionpack=new,cfme-5.2/ruby193-rubygem-actionpack=new,cfme-5.3/ruby193-rubygem-actionpack=new,openshift-1/ruby193-rubygem-actionpack=new,fedora-all/rubygem-actionpack=affected,epel-5/rubygem-actionpack=affected | impact=important,public=20160229,reported=20160218,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-94,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionpack=notaffected,sam-1/rubygem-actionpack=new,sam-1/ruby193-rubygem-actionpack=new,cfme-5.2/ruby193-rubygem-actionpack=new,cfme-5.3/ruby193-rubygem-actionpack=new,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionpack=affected,epel-5/rubygem-actionpack=affected |
| Adam Mariš | 2016-03-01 14:16:40 UTC | Depends On | 1313388 | |
| Adam Mariš | 2016-03-01 14:16:48 UTC | Depends On | 1313389 | |
| Tomas Hoger | 2016-03-08 12:32:17 UTC | Whiteboard | impact=important,public=20160229,reported=20160218,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-94,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionpack=notaffected,sam-1/rubygem-actionpack=new,sam-1/ruby193-rubygem-actionpack=new,cfme-5.2/ruby193-rubygem-actionpack=new,cfme-5.3/ruby193-rubygem-actionpack=new,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionpack=affected,epel-5/rubygem-actionpack=affected | impact=important,public=20160229,reported=20160218,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-94,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionview=affected,sam-1/rubygem-actionpack=new,sam-1/ruby193-rubygem-actionpack=new,cfme-5.2/ruby193-rubygem-actionpack=new,cfme-5.3/ruby193-rubygem-actionpack=new,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionview=affected,epel-5/rubygem-actionpack=affected |
| Tomas Hoger | 2016-03-08 12:36:55 UTC | Fixed In Version | rubygem-actionpack 3.2.22.2, rubygem-actionpack 4.1.14.2, rubygem-actionpack 4.2.5.2 | rubygem-actionpack 3.2.22.2, rubygem-actionview 4.1.14.2, rubygem-actionview 4.2.5.2 |
| Tomas Hoger | 2016-03-08 12:36:55 UTC | Summary | CVE-2016-2098 rubygem-actionpack: Code injection vulnerability in Action Pack | CVE-2016-2098 rubygem-actionview, rubygem-actionpack: code injection vulnerability in Action View |
| Tomas Hoger | 2016-03-08 12:39:42 UTC | Depends On | 1315704 | |
| Tomas Hoger | 2016-03-08 12:39:49 UTC | Depends On | 1315705 | |
| Joe Rafaniello | 2016-03-08 14:18:43 UTC | CC | jrafanie | |
| Tomas Hoger | 2016-03-10 22:36:11 UTC | Whiteboard | impact=important,public=20160229,reported=20160218,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-94,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionview=affected,sam-1/rubygem-actionpack=new,sam-1/ruby193-rubygem-actionpack=new,cfme-5.2/ruby193-rubygem-actionpack=new,cfme-5.3/ruby193-rubygem-actionpack=new,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionview=affected,epel-5/rubygem-actionpack=affected | impact=important,public=20160229,reported=20160218,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-94,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionview=affected,rhscl-2/rh-ror42-rubygem-actionview=notaffected,sam-1/rubygem-actionpack=new,sam-1/ruby193-rubygem-actionpack=new,cfme-5.2/ruby193-rubygem-actionpack=new,cfme-5.3/ruby193-rubygem-actionpack=new,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionview=affected,epel-5/rubygem-actionpack=affected |
| Tomas Hoger | 2016-03-10 22:37:14 UTC | Depends On | 1316729 | |
| Tomas Hoger | 2016-03-14 11:31:15 UTC | Doc Text | A code injection flaw was found in the way Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this to execute arbitrary code. | |
| Martin Prpič | 2016-03-14 12:37:48 UTC | Doc Text | A code injection flaw was found in the way Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this to execute arbitrary code. | A code injection flaw was found in the way Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this flaw to execute arbitrary code. |
| Ján Rusnačko | 2016-03-14 21:26:01 UTC | CC | jrusnack | |
| Ján Rusnačko | 2016-03-15 08:05:39 UTC | Whiteboard | impact=important,public=20160229,reported=20160218,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-94,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionview=affected,rhscl-2/rh-ror42-rubygem-actionview=notaffected,sam-1/rubygem-actionpack=new,sam-1/ruby193-rubygem-actionpack=new,cfme-5.2/ruby193-rubygem-actionpack=new,cfme-5.3/ruby193-rubygem-actionpack=new,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionview=affected,epel-5/rubygem-actionpack=affected | impact=important,public=20160229,reported=20160218,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-94,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionview=affected,rhscl-2/rh-ror42-rubygem-actionview=notaffected,sam-1/rubygem-actionpack=wontfix,sam-1/ruby193-rubygem-actionpack=wontfix,cfme-5.2/ruby193-rubygem-actionpack=affected,cfme-5.3/ruby193-rubygem-actionpack=affected,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionview=affected,epel-5/rubygem-actionpack=affected |
| Tomas Hoger | 2016-03-15 21:20:09 UTC | Status | NEW | CLOSED |
| Tomas Hoger | 2016-03-15 21:20:09 UTC | Resolution | --- | ERRATA |
| Tomas Hoger | 2016-03-15 21:20:09 UTC | Last Closed | 2016-03-15 17:20:09 UTC | |
| Tazz | 2018-01-31 14:08:40 UTC | CC | tazz | |
| Product Security DevOps Team | 2019-09-29 13:44:17 UTC | Whiteboard | impact=important,public=20160229,reported=20160218,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-94,rhscl-2/ruby193-rubygem-actionpack=affected,rhscl-2/ror40-rubygem-actionpack=affected,rhscl-2/rh-ror41-rubygem-actionview=affected,rhscl-2/rh-ror42-rubygem-actionview=notaffected,sam-1/rubygem-actionpack=wontfix,sam-1/ruby193-rubygem-actionpack=wontfix,cfme-5.2/ruby193-rubygem-actionpack=affected,cfme-5.3/ruby193-rubygem-actionpack=affected,openshift-1/ruby193-rubygem-actionpack=affected,fedora-all/rubygem-actionview=affected,epel-5/rubygem-actionpack=affected |