From: "hsbt (Hiroshi SHIBATA) via ruby-core" <ruby-core@...>
Date: 2024-03-21T07:03:44+00:00
Subject: [ruby-core:117280] [Ruby master Bug#20385] Backport CVE-2024-27280

Issue #20385 has been reported by hsbt (Hiroshi SHIBATA).

----------------------------------------
Bug #20385: Backport CVE-2024-27280
https://bugs.ruby-lang.org/issues/20385

* Author: hsbt (Hiroshi SHIBATA)
* Status: Closed
* Backport: 3.0: REQUIRED, 3.1: REQUIRED, 3.2: DONTNEED, 3.3: DONTNEED
----------------------------------------
I disclosed https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/ today.

This StringIO versions should be backported in the next release.

* For Ruby 3.0: https://github.com/ruby/ruby/pull/10320
* For Ruby 3.1: https://github.com/ruby/ruby/pull/10321





-- 
https://bugs.ruby-lang.org/
 ______________________________________________
 ruby-core mailing list -- ruby-core@ml.ruby-lang.org
 To unsubscribe send an email to ruby-core-leave@ml.ruby-lang.org
 ruby-core info -- https://ml.ruby-lang.org/mailman3/postorius/lists/ruby-core.ml.ruby-lang.org/