Bug 974094 - CVE-2013-0269 CVE-2013-1821 JRuby 1.7.2 multiple security flaws [fedora-rawhide]
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: jruby
Version: 20
Hardware: Unspecified Unspecified
Priority: medium
Severity: medium
Assigned To: Mo Morsi
QA Contact: Fedora Extras Quality Assurance
Keywords: Security, SecurityTracking
Depends On: 1152249
Blocks: CVE-2013-0269 CVE-2013-1821
Reported: 2013-06-13 08:12 EDT by Alexander Kurtakov
Modified: 2015-04-09 15:00 EDT
Doc Type: Release Note
Last Closed: 2015-04-09 15:00:46 EDT
Type: Bug
Description Alexander Kurtakov 2013-06-13 08:12:52 EDT
Fedora has jruby 1.7.2, which contains known CVEs that are fixed in version 1.7.3 (http://www.jruby.org/2013/02/21/jruby-1-7-3.html). In the meantime, 1.7.4 has been released and it's probably best to update to it directly.
Comment 1 Vincent Danen 2013-06-13 11:01:51 EDT
Thanks for this, Alexander.  The two CVEs that are corrected are CVE-2013-0269 and CVE-2013-1821.  I'm going to link those bugs and turn this into a tracking bug.  I've looked on the upstream page and can't see anything about 1.6.x being affected by these, but it wouldn't surprise me if they were, so this may be an issue for Fedora 17 and 18 as well (unknown).
Comment 2 Fedora End Of Life 2013-09-16 10:10:53 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 20 development cycle.
Changing version to '20'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora20
Comment 3 pjp 2015-04-09 13:32:06 EDT
Hello mmorsi@redhat.com,

You plan to fix this soon?
Comment 4 Mo Morsi 2015-04-09 15:00:46 EDT
Hey pjp, I haven't worked on this in a while, msrb took over jruby packaging. From the looks of it though it seems the build has been updated in rawhide:

http://koji.fedoraproject.org/koji/packageinfo?packageID=6094

This bug is filed against F20 but I doubt that the build will be able to be backported there due to missing and incompatible dependencies. Closing as on rawhide.