Back to bug 2218614
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Patrick Del Bello | 2023-06-29 16:42:22 UTC | CC | amasferr, chazlett, mkudlej, tjochec | |
| Patrick Del Bello | 2023-06-29 16:42:51 UTC | Depends On | 2218617 | |
| Vít Ondruch | 2023-07-04 07:22:07 UTC | Flags | needinfo?(pdelbell) | |
| | | CC | vondruch | |
| Vít Ondruch | 2023-07-04 07:23:03 UTC | CC | vondruch | |
| Red Hat Bugzilla | 2023-07-07 08:28:01 UTC | Assignee | security-response-team | nobody |
| TEJ RATHI | 2023-07-10 04:15:16 UTC | Fixed In Version | rubygem-uri 0.12.2, rubygem-uri 0.10.3 | |
| TEJ RATHI | 2023-07-10 04:26:22 UTC | CC | amasferr, chazlett, mkudlej, tjochec | |
| TEJ RATHI | 2023-07-10 04:29:52 UTC | Summary | rubygem-uri: vulnerability for ReDoS | TRIAGE-CVE-2023-36617 rubygem-uri: ReDoS vulnerability - incomplete fix for CVE-2023-28755 |
| TEJ RATHI | 2023-07-10 04:36:04 UTC | CC | bbuckingham, bcourt, ehelms, jsherril, lzap, mhulan, myarboro, nmoumoul, orabin, pcreech, rchan | |
| TEJ RATHI | 2023-07-10 04:37:02 UTC | Depends On | 2221559, 2221560 | |
| Vipul Nair | 2023-07-10 08:42:20 UTC | Depends On | 2221595, 2221597, 2221596 | |
| TEJ RATHI | 2023-07-11 07:39:06 UTC | Depends On | 2221888, 2221886, 2221889, 2221887 | |
| TEJ RATHI | 2023-07-11 07:50:45 UTC | Summary | TRIAGE-CVE-2023-36617 rubygem-uri: ReDoS vulnerability - incomplete fix for CVE-2023-28755 | TRIAGE-CVE-2023-36617 rubygem-uri: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755 |
| TEJ RATHI | 2023-07-11 07:56:43 UTC | Doc Text | A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This may result in a regular expression denial of service (ReDoS). | |
| TEJ RATHI | 2023-07-11 08:00:07 UTC | Flags | needinfo?(pdelbell) | |
| TEJ RATHI | 2023-07-11 09:16:53 UTC | Depends On | 2221915 | |
| TEJ RATHI | 2023-07-11 09:53:37 UTC | CC | vondruch | |
| | | Flags | needinfo?(vondruch) | |
| Vít Ondruch | 2023-07-13 08:24:37 UTC | Flags | needinfo?(vondruch) | |
| TEJ RATHI | 2023-07-13 11:07:03 UTC | Alias | TRIAGE-CVE-2023-36617 | CVE-2023-36617 |
| | | Summary | TRIAGE-CVE-2023-36617 rubygem-uri: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755 | CVE-2023-36617 rubygem-uri: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755 |
| TEJ RATHI | 2023-07-13 11:12:10 UTC | Flags | needinfo?(vondruch) | |
| Vít Ondruch | 2023-07-13 11:31:40 UTC | Flags | needinfo?(vondruch) | |
| RaTasha Tillery-Smith | 2023-07-13 13:03:16 UTC | Doc Text | A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This may result in a regular expression denial of service (ReDoS). | A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This issue may result in a regular expression denial of service (ReDoS). |
| Patrick Del Bello | 2023-07-31 18:26:13 UTC | CC | amasferr, chazlett, mkudlej, tjochec | |