OESA-2021-1259

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1259

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2021-1259.json

JSON Data

https://api.osv.dev/v1/vulns/OESA-2021-1259

Upstream

CVE-2021-28965

Published

2021-07-10T11:03:02Z

Modified

2025-09-03T06:17:21.969777Z

Summary

ruby security update

Details

Security Fix(es):

The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.(CVE-2021-28965)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:20.03-LTS-SP1 / ruby

Package

Name: ruby
Purl: pkg:rpm/openEuler/ruby&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.8-113.oe1

Ecosystem specific

{
    "noarch": [
        "ruby-irb-2.5.8-113.oe1.noarch.rpm",
        "rubygem-did_you_mean-1.2.0-113.oe1.noarch.rpm",
        "rubygem-xmlrpc-0.3.0-113.oe1.noarch.rpm",
        "ruby-help-2.5.8-113.oe1.noarch.rpm",
        "rubygem-rdoc-6.0.1.1-113.oe1.noarch.rpm",
        "rubygems-devel-2.7.6-113.oe1.noarch.rpm",
        "rubygem-minitest-5.10.3-113.oe1.noarch.rpm",
        "rubygem-net-telnet-0.1.1-113.oe1.noarch.rpm",
        "rubygems-2.7.6-113.oe1.noarch.rpm",
        "rubygem-power_assert-1.1.1-113.oe1.noarch.rpm",
        "rubygem-rake-12.3.0-113.oe1.noarch.rpm",
        "rubygem-test-unit-3.2.7-113.oe1.noarch.rpm"
    ],
    "src": [
        "ruby-2.5.8-113.oe1.src.rpm"
    ],
    "aarch64": [
        "rubygem-psych-3.0.2-113.oe1.aarch64.rpm",
        "ruby-devel-2.5.8-113.oe1.aarch64.rpm",
        "rubygem-bigdecimal-1.3.4-113.oe1.aarch64.rpm",
        "ruby-debugsource-2.5.8-113.oe1.aarch64.rpm",
        "rubygem-openssl-2.1.2-113.oe1.aarch64.rpm",
        "rubygem-io-console-0.4.6-113.oe1.aarch64.rpm",
        "ruby-2.5.8-113.oe1.aarch64.rpm",
        "ruby-debuginfo-2.5.8-113.oe1.aarch64.rpm",
        "rubygem-json-2.1.0-113.oe1.aarch64.rpm"
    ],
    "x86_64": [
        "ruby-debugsource-2.5.8-113.oe1.x86_64.rpm",
        "ruby-devel-2.5.8-113.oe1.x86_64.rpm",
        "ruby-2.5.8-113.oe1.x86_64.rpm",
        "rubygem-psych-3.0.2-113.oe1.x86_64.rpm",
        "rubygem-bigdecimal-1.3.4-113.oe1.x86_64.rpm",
        "ruby-debuginfo-2.5.8-113.oe1.x86_64.rpm",
        "rubygem-openssl-2.1.2-113.oe1.x86_64.rpm",
        "rubygem-json-2.1.0-113.oe1.x86_64.rpm",
        "rubygem-io-console-0.4.6-113.oe1.x86_64.rpm"
    ]
}