Source: ruby3.2 Version: 3.2.3-1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: clone -1 -2 Control: reassign -2 src;ruby3.1 3.1.2-8 Control: retitle -2 ruby3.1: CVE-2024-27282 Control: found -2 3.1.2-7
Hi, The following vulnerability was published for ruby. CVE-2024-27282[0]: | Arbitrary memory address read vulnerability with Regex search If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-27282 https://www.cve.org/CVERecord?id=CVE-2024-27282 [1] https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/ [2] https://github.com/ruby/ruby/commit/989a2355808a63fc45367785c82ffd46d18c900a Please adjust the affected versions in the BTS as needed. Regards, Salvatore