OESA-2024-2383

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2383
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2024-2383.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2024-2383
Upstream
Published
2024-11-15T12:19:24Z
Modified
2025-09-03T06:20:33.241872Z
Summary
rubygem-actionmailer security update
Details

Email on Rails. Compose, deliver, and test emails using the familiar controller/view pattern. First-class support for multipart email and attachments.

Security Fix(es):

Action Mailer is a framework for designing email service layers. Starting in version 3.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the block_format helper in Action Mailer. Carefully crafted text can cause the block_format helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. As a workaround, users can avoid calling the block_format helper or upgrade to Ruby 3.2. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 requires Ruby 3.2 or greater so is unaffected. (CVE-2024-47889)

Database specific
{
    "severity": "Low"
}
References

Affected packages

openEuler:22.03-LTS-SP4 / rubygem-actionmailer

Package

Name
rubygem-actionmailer
Purl
pkg:rpm/openEuler/rubygem-actionmailer&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.1.4.1-2.oe2203sp4

Ecosystem specific

{
    "src": [
        "rubygem-actionmailer-6.1.4.1-2.oe2203sp4.src.rpm"
    ],
    "noarch": [
        "rubygem-actionmailer-6.1.4.1-2.oe2203sp4.noarch.rpm",
        "rubygem-actionmailer-doc-6.1.4.1-2.oe2203sp4.noarch.rpm"
    ]
}

openEuler:22.03-LTS-SP3 / rubygem-actionmailer

Package

Name
rubygem-actionmailer
Purl
pkg:rpm/openEuler/rubygem-actionmailer&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.1.4.1-2.oe2203sp3

Ecosystem specific

{
    "src": [
        "rubygem-actionmailer-6.1.4.1-2.oe2203sp3.src.rpm"
    ],
    "noarch": [
        "rubygem-actionmailer-6.1.4.1-2.oe2203sp3.noarch.rpm",
        "rubygem-actionmailer-doc-6.1.4.1-2.oe2203sp3.noarch.rpm"
    ]
}

openEuler:20.03-LTS-SP4 / rubygem-actionmailer

Package

Name
rubygem-actionmailer
Purl
pkg:rpm/openEuler/rubygem-actionmailer&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.2.4.4-2.oe2003sp4

Ecosystem specific

{
    "src": [
        "rubygem-actionmailer-5.2.4.4-2.oe2003sp4.src.rpm"
    ],
    "noarch": [
        "rubygem-actionmailer-5.2.4.4-2.oe2003sp4.noarch.rpm",
        "rubygem-actionmailer-doc-5.2.4.4-2.oe2003sp4.noarch.rpm"
    ]
}

openEuler:22.03-LTS-SP1 / rubygem-actionmailer

Package

Name
rubygem-actionmailer
Purl
pkg:rpm/openEuler/rubygem-actionmailer&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.1.4.1-2.oe2203sp1

Ecosystem specific

{
    "src": [
        "rubygem-actionmailer-6.1.4.1-2.oe2203sp1.src.rpm"
    ],
    "noarch": [
        "rubygem-actionmailer-6.1.4.1-2.oe2203sp1.noarch.rpm",
        "rubygem-actionmailer-doc-6.1.4.1-2.oe2203sp1.noarch.rpm"
    ]
}

openEuler:24.03-LTS / rubygem-actionmailer

Package

Name
rubygem-actionmailer
Purl
pkg:rpm/openEuler/rubygem-actionmailer&distro=openEuler-24.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.0.7-2.oe2403

Ecosystem specific

{
    "src": [
        "rubygem-actionmailer-7.0.7-2.oe2403.src.rpm"
    ],
    "noarch": [
        "rubygem-actionmailer-7.0.7-2.oe2403.noarch.rpm",
        "rubygem-actionmailer-doc-7.0.7-2.oe2403.noarch.rpm"
    ]
}