From ae6faf6ba3871404f5754f0a83d13ebfff610f1b Mon Sep 17 00:00:00 2001 From: Al Snow Date: Mon, 2 Feb 2026 11:59:20 -0500 Subject: [PATCH] GHSA SYNC: 4 related 2008 ruby modified advisories --- rubies/ruby/CVE-2008-3655.yml | 17 +++++++++++++++++ rubies/ruby/CVE-2008-3656.yml | 23 ++++++++++++++++++++--- rubies/ruby/CVE-2008-3657.yml | 19 ++++++++++++++++++- rubies/ruby/CVE-2008-3905.yml | 17 ++++++++++++++++- 4 files changed, 71 insertions(+), 5 deletions(-) diff --git a/rubies/ruby/CVE-2008-3655.yml b/rubies/ruby/CVE-2008-3655.yml index 8bf59396f0..663f22f72d 100644 --- a/rubies/ruby/CVE-2008-3655.yml +++ b/rubies/ruby/CVE-2008-3655.yml @@ -1,6 +1,7 @@ --- engine: ruby cve: 2008-3655 +ghsa: p524-ppf2-w36w url: https://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/ title: Ruby multiple insufficient safe mode restrictions date: 2008-08-08 @@ -16,3 +17,19 @@ patched_versions: - "~> 1.8.6.287" - "~> 1.8.7.72" - ">= 1.9.0" +related: + url: + - https://nvd.nist.gov/vuln/detail/CVE-2008-3655 + - https://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby + - https://www.ruby-lang.org/en/news/2008/08/11/ruby-1-8-7-p72-and-1-8-6-p287-released + - https://security.gentoo.org/glsa/200812-17 + - https://www.us-cert.gov/cas/techalerts/TA09-133A.html + - https://support.apple.com/en-us/104129 + - https://web.archive.org/web/20090517222231/https://lists.apple.com/archives/security-announce/2009/May/msg00002.html + - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401 + - https://www.debian.org/security/2008/dsa-1652 + - https://www.debian.org/security/2008/dsa-1651 + - https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-October/000765.html + - https://support.avaya.com/elmodocs2/security/ASA-2008-424.htm + - https://exchange.xforce.ibmcloud.com/vulnerabilities/44369 + - https://github.com/advisories/GHSA-p524-ppf2-w36w diff --git a/rubies/ruby/CVE-2008-3656.yml b/rubies/ruby/CVE-2008-3656.yml index 0278b61a33..455659e921 100644 --- a/rubies/ruby/CVE-2008-3656.yml +++ b/rubies/ruby/CVE-2008-3656.yml @@ -1,9 +1,10 @@ --- engine: ruby cve: 2008-3656 -url: https://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/ -title: Ruby WEBrick::HTTP::DefaultFileHandler DoS -date: 2008-08-08 +ghsa: 823x-6r7f-v9x6 +url: https://nvd.nist.gov/vuln/detail/CVE-2008-3656 +title: Algorithmic complexity vulnerability in the WEBrick +date: 2008-08-12 description: | Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in @@ -17,3 +18,19 @@ patched_versions: - "~> 1.8.6.287" - "~> 1.8.7.72" - ">= 1.9.0" +related: + url: + - https://nvd.nist.gov/vuln/detail/CVE-2008-3656 + - https://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby + - https://www.ruby-lang.org/en/news/2008/08/11/ruby-1-8-7-p72-and-1-8-6-p287-released + - https://security.gentoo.org/glsa/200812-17 + - https://www.us-cert.gov/cas/techalerts/TA09-133A.html + - https://support.apple.com/en-us/104129 + - https://web.archive.org/web/20090517222231/https://lists.apple.com/archives/security-announce/2009/May/msg00002.html + - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401 + - https://www.debian.org/security/2008/dsa-1652 + - https://www.debian.org/security/2008/dsa-1651 + - https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-October/000765.html + - https://support.avaya.com/elmodocs2/security/ASA-2008-424.htm + - https://exchange.xforce.ibmcloud.com/vulnerabilities/44371 + - https://github.com/advisories/GHSA-823x-6r7f-v9x6 diff --git a/rubies/ruby/CVE-2008-3657.yml b/rubies/ruby/CVE-2008-3657.yml index 997b08e70e..bc595bb31e 100644 --- a/rubies/ruby/CVE-2008-3657.yml +++ b/rubies/ruby/CVE-2008-3657.yml @@ -1,7 +1,8 @@ --- engine: ruby cve: 2008-3657 -url: https://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/ +ghsa: 5f6v-fgcw-j5px +url: https://nvd.nist.gov/vuln/detail/CVE-2008-3657 title: Ruby missing "taintness" checks in dl module date: 2008-08-08 description: | @@ -14,3 +15,19 @@ patched_versions: - "~> 1.8.6.287" - "~> 1.8.7.72" - ">= 1.9.0" +related: + url: + - https://nvd.nist.gov/vuln/detail/CVE-2008-3657 + - https://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby + - https://www.ruby-lang.org/en/news/2008/08/11/ruby-1-8-7-p72-and-1-8-6-p287-released + - https://security.gentoo.org/glsa/200812-17 + - https://www.us-cert.gov/cas/techalerts/TA09-133A.html + - https://support.apple.com/en-us/104129 + - https://web.archive.org/web/20090517222231/https://lists.apple.com/archives/security-announce/2009/May/msg00002.html + - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401 + - https://www.debian.org/security/2008/dsa-1652 + - https://www.debian.org/security/2008/dsa-1651 + - https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-October/000765.html + - https://support.avaya.com/elmodocs2/security/ASA-2008-424.htm + - https://exchange.xforce.ibmcloud.com/vulnerabilities/44372 + - https://github.com/advisories/GHSA-5f6v-fgcw-j5px diff --git a/rubies/ruby/CVE-2008-3905.yml b/rubies/ruby/CVE-2008-3905.yml index 1edf523e61..5d0e5da995 100644 --- a/rubies/ruby/CVE-2008-3905.yml +++ b/rubies/ruby/CVE-2008-3905.yml @@ -1,7 +1,8 @@ --- engine: ruby cve: 2008-3905 -url: https://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/ +ghsa: vwcj-mf69-7rfw +url: https://nvd.nist.gov/vuln/detail/CVE-2008-3905 title: ruby -- DNS spoofing vulnerability in resolv.rb date: 2008-05-05 description: | @@ -15,3 +16,17 @@ patched_versions: - "~> 1.8.6.287" - "~> 1.8.7.72" - ">= 1.9.0" +related: + url: + - https://nvd.nist.gov/vuln/detail/CVE-2008-3905 + - https://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby + - https://www.ruby-lang.org/en/news/2008/08/11/ruby-1-8-7-p72-and-1-8-6-p287-released + - https://www.openwall.com/lists/oss-security/2008/09/03/3 + - https://www.openwall.com/lists/oss-security/2008/09/04/9 + - https://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.371754 + - https://www.debian.org/security/2008/dsa-1652 + - https://www.debian.org/security/2008/dsa-1651 + + - https://support.avaya.com/elmodocs2/security/ASA-2008-424.htm + - https://exchange.xforce.ibmcloud.com/vulnerabilities/45935 + - https://github.com/advisories/GHSA-vwcj-mf69-7rfw