Bug 974094
Summary: | CVE-2013-0269 CVE-2013-1821 JRuby 1.7.2 multiple security flaws [fedora-rawhide] | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Alexander Kurtakov <akurtako> |
Component: | jruby | Assignee: | Mo Morsi <mmorsi> |
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 20 | CC: | bkabrda, mgoldman, mmorsi, sparks, vondruch |
Target Milestone: | --- | Keywords: | Security, SecurityTracking |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | , fst_ping=1 | ||
Fixed In Version: | Doc Type: | Release Note | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-04-09 19:00:46 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1152249 | ||
Bug Blocks: | 909029, 914716 |
Description
Alexander Kurtakov
2013-06-13 12:12:52 UTC
Thanks for this, Alexander. The two CVEs that are corrected are CVE-2013-0269 and CVE-2013-1821. I'm going to link those bugs and turn this into a tracking bug. I've looked on the upstream page and can't see anything about 1.6.x being affected by these, but it wouldn't surprise me if they were, so this may be an issue for Fedora 17 and 18 as well (unknown). This bug appears to have been reported against 'rawhide' during the Fedora 20 development cycle. Changing version to '20'. More information and reason for this action is here: https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora20 Hello mmorsi, You plan to fix this soon? Hey pjp, I haven't worked on this in a while, msrb took over jruby packaging. From the looks of it though it seems the build has been updated in rawhide: http://koji.fedoraproject.org/koji/packageinfo?packageID=6094 This bug is filed against F20 but I doubt that the build will be able to be backported there due to missing and incompatible dependencies. Closing as on rawhide. |