Ruby 2.5.3 Released
Ruby 2.5.3 has been released.
Posted by nagachika on 18 Oct 2018
CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly
The equality check of OpenSSL::X509::Name is not correct in the openssl
extension library bundled with Ruby.
This vulnerability has been assigned the CVE identifier
CVE-2018-16395.
Posted by usa on 17 Oct 2018
CVE-2018-16396: Tainted flags are not propagated in Array#pack and String#unpack with some directives
In Array#pack and String#unpack with some formats, the tainted flags
of the original data are not propagated to the returned string/array.
This vulnerability has been assigned the CVE identifier
CVE-2018-16396.
Posted by usa on 17 Oct 2018