From: "nagachika (Tomoyuki Chikanaga) via ruby-core" <ruby-core@...>
Date: 2024-03-21T12:21:31+00:00
Subject: [ruby-core:117282] [Ruby master Bug#20386] Backport CVE-2024-27281

Issue #20386 has been updated by nagachika (Tomoyuki Chikanaga).

Backport changed from 3.0: REQUIRED, 3.1: REQUIRED, 3.2: REQUIRED, 3.3: REQUIRED to 3.0: REQUIRED, 3.1: REQUIRED, 3.2: DONE, 3.3: REQUIRED

Merged https://github.com/ruby/ruby/pull/10317

----------------------------------------
Bug #20386: Backport CVE-2024-27281
https://bugs.ruby-lang.org/issues/20386#change-107408

* Author: hsbt (Hiroshi SHIBATA)
* Status: Closed
* Backport: 3.0: REQUIRED, 3.1: REQUIRED, 3.2: DONE, 3.3: REQUIRED
----------------------------------------
I disclosed https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281/ today.

We should backport fixed RDoc to all stable version.

* For 3.0: https://github.com/ruby/ruby/pull/10319
* For 3.1: https://github.com/ruby/ruby/pull/10318
* For 3.2: https://github.com/ruby/ruby/pull/10317
* For 3.3: https://github.com/ruby/ruby/pull/10316





-- 
https://bugs.ruby-lang.org/
 ______________________________________________
 ruby-core mailing list -- ruby-core@ml.ruby-lang.org
 To unsubscribe send an email to ruby-core-leave@ml.ruby-lang.org
 ruby-core info -- https://ml.ruby-lang.org/mailman3/postorius/lists/ruby-core.ml.ruby-lang.org/