[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-OPENSUSE-SU-2019:1771-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":56,"duplicates":57,"related":58,"reserved_at":9,"published_at":80,"modified_at":81,"state":9,"summary":82,"references_raw":84,"kevs":269,"epss":9,"epss_history":270,"metrics":271,"affected":272},"OPENSUSE-SU-2019:1771-1","Security update for ruby-bundled-gems-rpmhelper, ruby2.5\n\nThis update for ruby2.5 and ruby-bundled-gems-rpmhelper fixes the following issues:\n\nChanges in ruby2.5:\n\nUpdate to 2.5.5 and 2.5.4:\n\nhttps://www.ruby-lang.org/en/news/2019/03/15/ruby-2-5-5-released/\nhttps://www.ruby-lang.org/en/news/2019/03/13/ruby-2-5-4-released/\n\nSecurity issues fixed:\n\n- CVE-2019-8320: Delete directory using symlink when\n  decompressing tar (bsc#1130627)\n- CVE-2019-8321: Escape sequence injection vulnerability in\n  verbose  (bsc#1130623)\n- CVE-2019-8322: Escape sequence injection vulnerability in gem\n  owner  (bsc#1130622)\n- CVE-2019-8323: Escape sequence injection vulnerability in API\n  response handling  (bsc#1130620)\n- CVE-2019-8324: Installing a malicious gem may lead to arbitrary\n  code execution  (bsc#1130617)\n- CVE-2019-8325: Escape sequence injection vulnerability in\n  errors  (bsc#1130611)\n\n\nRuby 2.5 was updated to 2.5.3:\n\nThis release includes some bug fixes and some security fixes.\n\nSecurity issues fixed:\n\n- CVE-2018-16396: Tainted flags are not propagated in Array#pack\n  and String#unpack with some directives (bsc#1112532)\n- CVE-2018-16395: OpenSSL::X509::Name equality check does not\n  work correctly (bsc#1112530)\n\nRuby 2.5 was updated to 2.5.1:\n\nThis release includes some bug fixes and some security fixes.\n\nSecurity issues fixed:\n\n- CVE-2017-17742: HTTP response splitting in WEBrick (bsc#1087434)\n- CVE-2018-6914: Unintentional 
file and directory creation with\n  directory traversal in tempfile and tmpdir (bsc#1087441)\n- CVE-2018-8777: DoS by large request in WEBrick (bsc#1087436)\n- CVE-2018-8778: Buffer under-read in String#unpack (bsc#1087433)\n- CVE-2018-8779: Unintentional socket creation by poisoned NUL\n  byte in UNIXServer and UNIXSocket (bsc#1087440)\n- CVE-2018-8780: Unintentional directory traversal by poisoned\n  NUL byte in Dir (bsc#1087437)\n\n- Multiple vulnerabilities in RubyGems were fixed:\n\n  - CVE-2018-1000079: Fixed path traversal issue during gem installation that allowed writing to arbitrary filesystem locations (bsc#1082058)\n  - CVE-2018-1000075: Fixed infinite loop vulnerability where a negative size in a tar header caused Denial of Service (bsc#1082014)\n  - CVE-2018-1000078: Fixed XSS vulnerability in homepage attribute when displayed via gem server (bsc#1082011)\n  - CVE-2018-1000077: Fixed missing URL validation on spec home attribute that allowed a malicious gem to set an invalid homepage URL (bsc#1082010)\n  - CVE-2018-1000076: Fixed improper verification of signatures in tarball that allowed installing a mis-signed gem (bsc#1082009)\n  - CVE-2018-1000074: Fixed unsafe Object Deserialization Vulnerability in gem owner allowing arbitrary code execution on specially crafted YAML (bsc#1082008)\n  - CVE-2018-1000073: Fixed path traversal when writing to a symlinked basedir outside of the root (bsc#1082007)\n\nOther changes:\n\n- Fixed Net::POPMail methods modifying a frozen literal when using the default arg\n- ruby: change over of the Japanese Era to the new emperor May 1st 2019 (bsc#1133790)\n- build with PIE support (bsc#1130028)\n\n\nChanges in ruby-bundled-gems-rpmhelper:\n\n- Add a new helper for bundled ruby gems.\n\nThis update was imported from the SUSE:SLE-15:Update update 
project.",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54],{"_key":15},"CVE-2017-17742",{"_key":17},"CVE-2018-1000073",{"_key":19},"CVE-2018-1000074",{"_key":21},"CVE-2018-1000075",{"_key":23},"CVE-2018-1000076",{"_key":25},"CVE-2018-1000077",{"_key":27},"CVE-2018-1000078",{"_key":29},"CVE-2018-1000079",{"_key":31},"CVE-2018-16395",{"_key":33},"CVE-2018-16396",{"_key":35},"CVE-2018-6914",{"_key":37},"CVE-2018-8777",{"_key":39},"CVE-2018-8778",{"_key":41},"CVE-2018-8779",{"_key":43},"CVE-2018-8780",{"_key":45},"CVE-2019-8320",{"_key":47},"CVE-2019-8321",{"_key":49},"CVE-2019-8322",{"_key":51},"CVE-2019-8323",{"_key":53},"CVE-2019-8324",{"_key":55},"CVE-2019-8325",[],[],[59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},"2019-07-21T05:37:45Z","2026-02-04T04:37:52.767532Z",{"cisa_kev":83,"cisa_ransomware":83,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[85,91,96,100,104,108,112,116,120,124,128,132,136,140,144,148,152,156,160,164,168,172,176,180,184,189,193,197,201,205,209,213,217,221,225,229,233,237,241,245,249,253,257,261,265],{"url":86,"sources":87,"tags":89},"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DDFTKHWDUNIX327O4WIHXU2TIVV47W3Z/#DDFTKHWDUNIX327O4WIHXU2TIVV47W3Z",[88],"osv_opensuse",[90],"Advisory",{"url":92,"sources":93,"tags":94},"https://bugzilla.suse.com/1082007",[88],[95],"REPORT",{"url":97,"sources":98,"tags":99},"https://bugzilla.suse.com/1082008",[88],[95],{"url":101,"sources":102,"tags":103},"https://bugzilla.suse.com/1082009",[88],[95],{"url":105,"sources":106,"tags":107},"https://bugzilla.suse.com
/1082010",[88],[95],{"url":109,"sources":110,"tags":111},"https://bugzilla.suse.com/1082011",[88],[95],{"url":113,"sources":114,"tags":115},"https://bugzilla.suse.com/1082014",[88],[95],{"url":117,"sources":118,"tags":119},"https://bugzilla.suse.com/1082058",[88],[95],{"url":121,"sources":122,"tags":123},"https://bugzilla.suse.com/1087433",[88],[95],{"url":125,"sources":126,"tags":127},"https://bugzilla.suse.com/1087434",[88],[95],{"url":129,"sources":130,"tags":131},"https://bugzilla.suse.com/1087436",[88],[95],{"url":133,"sources":134,"tags":135},"https://bugzilla.suse.com/1087437",[88],[95],{"url":137,"sources":138,"tags":139},"https://bugzilla.suse.com/1087440",[88],[95],{"url":141,"sources":142,"tags":143},"https://bugzilla.suse.com/1087441",[88],[95],{"url":145,"sources":146,"tags":147},"https://bugzilla.suse.com/1112530",[88],[95],{"url":149,"sources":150,"tags":151},"https://bugzilla.suse.com/1112532",[88],[95],{"url":153,"sources":154,"tags":155},"https://bugzilla.suse.com/1130028",[88],[95],{"url":157,"sources":158,"tags":159},"https://bugzilla.suse.com/1130611",[88],[95],{"url":161,"sources":162,"tags":163},"https://bugzilla.suse.com/1130617",[88],[95],{"url":165,"sources":166,"tags":167},"https://bugzilla.suse.com/1130620",[88],[95],{"url":169,"sources":170,"tags":171},"https://bugzilla.suse.com/1130622",[88],[95],{"url":173,"sources":174,"tags":175},"https://bugzilla.suse.com/1130623",[88],[95],{"url":177,"sources":178,"tags":179},"https://bugzilla.suse.com/1130627",[88],[95],{"url":181,"sources":182,"tags":183},"https://bugzilla.suse.com/1133790",[88],[95],{"url":185,"sources":186,"tags":187},"https://www.suse.com/security/cve/CVE-2017-17742",[88],[188],"WEB",{"url":190,"sources":191,"tags":192},"https://www.suse.com/security/cve/CVE-2018-1000073",[88],[188],{"url":194,"sources":195,"tags":196},"https://www.suse.com/security/cve/CVE-2018-1000074",[88],[188],{"url":198,"sources":199,"tags":200},"https://www.suse.com/security/cve/CVE-2018-1000075",[88],[
188],{"url":202,"sources":203,"tags":204},"https://www.suse.com/security/cve/CVE-2018-1000076",[88],[188],{"url":206,"sources":207,"tags":208},"https://www.suse.com/security/cve/CVE-2018-1000077",[88],[188],{"url":210,"sources":211,"tags":212},"https://www.suse.com/security/cve/CVE-2018-1000078",[88],[188],{"url":214,"sources":215,"tags":216},"https://www.suse.com/security/cve/CVE-2018-1000079",[88],[188],{"url":218,"sources":219,"tags":220},"https://www.suse.com/security/cve/CVE-2018-16395",[88],[188],{"url":222,"sources":223,"tags":224},"https://www.suse.com/security/cve/CVE-2018-16396",[88],[188],{"url":226,"sources":227,"tags":228},"https://www.suse.com/security/cve/CVE-2018-6914",[88],[188],{"url":230,"sources":231,"tags":232},"https://www.suse.com/security/cve/CVE-2018-8777",[88],[188],{"url":234,"sources":235,"tags":236},"https://www.suse.com/security/cve/CVE-2018-8778",[88],[188],{"url":238,"sources":239,"tags":240},"https://www.suse.com/security/cve/CVE-2018-8779",[88],[188],{"url":242,"sources":243,"tags":244},"https://www.suse.com/security/cve/CVE-2018-8780",[88],[188],{"url":246,"sources":247,"tags":248},"https://www.suse.com/security/cve/CVE-2019-8320",[88],[188],{"url":250,"sources":251,"tags":252},"https://www.suse.com/security/cve/CVE-2019-8321",[88],[188],{"url":254,"sources":255,"tags":256},"https://www.suse.com/security/cve/CVE-2019-8322",[88],[188],{"url":258,"sources":259,"tags":260},"https://www.suse.com/security/cve/CVE-2019-8323",[88],[188],{"url":262,"sources":263,"tags":264},"https://www.suse.com/security/cve/CVE-2019-8324",[88],[188],{"url":266,"sources":267,"tags":268},"https://www.suse.com/security/cve/CVE-2019-8325",[88],[188],[],[],[],[273,286,290,297],{"ecosystem":274,"name":275,"vendor":276,"product":277,"cpe_part":9,"purl_type":278,"purl_namespace":276,"purl_name":277,"source":9,"versions":279},"openSUSE","ruby-bundled-gems-rpmhelper","opensuse","ruby-bundled-gems-rpmhelper&distro=openSUSE Leap 
15.0","rpm",[280],{"version":281,"is_range":282,"range_type":283,"version_start":9,"version_start_type":9,"version_end":284,"version_end_type":285,"fixed_in":9},"lt0_0_2_lp151_2_1",true,"ecosystem","0.0.2-lp151.2.1","excluding",{"ecosystem":274,"name":275,"vendor":276,"product":287,"cpe_part":9,"purl_type":278,"purl_namespace":276,"purl_name":287,"source":9,"versions":288},"ruby-bundled-gems-rpmhelper&distro=openSUSE Leap 15.1",[289],{"version":281,"is_range":282,"range_type":283,"version_start":9,"version_start_type":9,"version_end":284,"version_end_type":285,"fixed_in":9},{"ecosystem":274,"name":291,"vendor":276,"product":292,"cpe_part":9,"purl_type":278,"purl_namespace":276,"purl_name":292,"source":9,"versions":293},"ruby2.5","ruby2.5&distro=openSUSE Leap 15.0",[294],{"version":295,"is_range":282,"range_type":283,"version_start":9,"version_start_type":9,"version_end":296,"version_end_type":285,"fixed_in":9},"lt2_5_5_lp151_4_3_1","2.5.5-lp151.4.3.1",{"ecosystem":274,"name":291,"vendor":276,"product":298,"cpe_part":9,"purl_type":278,"purl_namespace":276,"purl_name":298,"source":9,"versions":299},"ruby2.5&distro=openSUSE Leap 15.1",[300],{"version":295,"is_range":282,"range_type":283,"version_start":9,"version_start_type":9,"version_end":296,"version_end_type":285,"fixed_in":9}]