Updated advisory posts against rubysec/ruby-advisory-db@871af3b

Author: simar7

advisories/_posts/2007-01-22-CVE-2007-0469.md

@@ -1,8 +1,7 @@
 ---
 layout: advisory
-title: |
-  CVE-2007-0469 (rubygems-update): RubyGems installer.rb extract_files Function Crafted GEM Package Arbitrary
-  File Overwrite
+title: 'CVE-2007-0469 (rubygems-update): CVE-2007-0469 RubyGems: Specially-crafted
+  Gem archive can overwrite system files'
 comments: false
 categories:
 - rubygems-update
@@ -13,15 +12,13 @@ advisory:
   cve: 2007-0469
   osvdb: 33561
   url: https://nvd.nist.gov/vuln/detail/CVE-2007-0469
-  title: |
-    RubyGems installer.rb extract_files Function Crafted GEM Package Arbitrary
-    File Overwrite
+  title: 'CVE-2007-0469 RubyGems: Specially-crafted Gem archive can overwrite system
+    files'
   date: 2007-01-22
-  description: |
-    The extract_files function in installer.rb in RubyGems before 0.9.1 does not
-    check whether files exist before overwriting them, which allows user-assisted
-    remote attackers to overwrite arbitrary files, cause a denial of service, or
-    execute arbitrary code via crafted GEM packages.
+  description: The extract_files function in installer.rb in RubyGems before 0.9.1
+    does not check whether files exist before overwriting them, which allows user-assisted
+    remote attackers to overwrite arbitrary files, cause a denial of service, or execute
+    arbitrary code via crafted GEM packages.
   cvss_v2: 9.3
   patched_versions:
   - ">= 0.9.1"

advisories/_posts/2007-11-27-CVE-2007-6183.md

@@ -1,7 +1,6 @@
 ---
 layout: advisory
-title: 'CVE-2007-6183 (gtk2): Ruby-GNOME2 gtk/src/rbgtkmessagedialog.c Gtk::MessageDialog.new()
-  Function Format String'
+title: 'CVE-2007-6183 (gtk2): CVE-2007-6183 ruby-gnome2: format string vulnerability'
 comments: false
 categories:
 - gtk2
@@ -10,14 +9,12 @@ advisory:
   cve: 2007-6183
   osvdb: 40774
   url: https://nvd.nist.gov/vuln/detail/CVE-2007-6183
-  title: Ruby-GNOME2 gtk/src/rbgtkmessagedialog.c Gtk::MessageDialog.new() Function
-    Format String
+  title: 'CVE-2007-6183 ruby-gnome2: format string vulnerability'
   date: 2007-11-27
-  description: |
-    Format string vulnerability in the mdiag_initialize function in
-    gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and
-    SVN versions before 20071127, allows context-dependent attackers to execute
-    arbitrary code via format string specifiers in the message parameter.
+  description: Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c
+    in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows
+    context-dependent attackers to execute arbitrary code via format string specifiers
+    in the message parameter.
   cvss_v2: 6.8
   patched_versions:
   - "> 0.16.0"

advisories/_posts/2011-12-28-CVE-2011-5036.md

@@ -1,8 +1,7 @@
 ---
 layout: advisory
-title: 'CVE-2011-5036 (rack): Rack Hash Collision Form Parameter Parsing Remote DoS
-
-  '
+title: 'CVE-2011-5036 (rack): CVE-2011-5036 rubygem-rack: hash table collisions DoS
+  (oCERT-2011-003)'
 comments: false
 categories:
 - rack
@@ -11,15 +10,12 @@ advisory:
   cve: 2011-5036
   osvdb: 78121
   url: https://nvd.nist.gov/vuln/detail/CVE-2011-5036
-  title: 'Rack Hash Collision Form Parameter Parsing Remote DoS
-
-    '
+  title: 'CVE-2011-5036 rubygem-rack: hash table collisions DoS (oCERT-2011-003)'
   date: 2011-12-28
-  description: |
-    Rack contains a flaw that may allow a remote denial of service. The issue is
-    triggered when an attacker sends multiple crafted parameters which trigger
-    hash collisions, and will result in loss of availability for the program via
-    CPU consumption.
+  description: Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes
+    hash values for form parameters without restricting the ability to trigger hash
+    collisions predictably, which allows remote attackers to cause a denial of service
+    (CPU consumption) by sending many crafted parameters.
   cvss_v2: 5.0
   patched_versions:
   - "~> 1.1.3"

advisories/_posts/2012-02-29-CVE-2012-6684.md

@@ -1,6 +1,6 @@
 ---
 layout: advisory
-title: 'CVE-2012-6684 (RedCloth): RedCloth Gem for Ruby Textile Link Parsing XSS'
+title: 'CVE-2012-6684 (RedCloth): CVE-2012-6684 rubygem-RedCloth: XSS vulnerability'
 comments: false
 categories:
 - RedCloth
@@ -9,15 +9,11 @@ advisory:
   cve: 2012-6684
   osvdb: 115941
   url: https://co3k.org/blog/redcloth-unfixed-xss-en
-  title: RedCloth Gem for Ruby Textile Link Parsing XSS
+  title: 'CVE-2012-6684 rubygem-RedCloth: XSS vulnerability'
   date: 2012-02-29
-  description: |
-    RedCloth Gem for Ruby contains a flaw that allows a cross-site scripting (XSS)
-    attack. This flaw exists because the program does not validate input when
-    parsing textile links before returning it to users. This may allow a remote
-    attacker to create a specially crafted request that would execute arbitrary
-    script code in a user's browser session within the trust relationship between
-    their browser and the server.
+  description: 'Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9
+    for Ruby and earlier allows remote attackers to inject arbitrary web script or
+    HTML via a javascript: URI.'
   cvss_v2: 4.3
   patched_versions:
   - ">= 4.3.0"

advisories/_posts/2012-03-01-CVE-2012-1098.md

@@ -1,7 +1,7 @@
 ---
 layout: advisory
-title: 'CVE-2012-1098 (activesupport): Ruby on Rails SafeBuffer Object [] Direct Manipulation
-  XSS'
+title: 'CVE-2012-1098 (activesupport): CVE-2012-1098 rubygem-activesupport: XSS in
+  SafeBuffer#[] (unescaped safe buffers can be marked as safe)'
 comments: false
 categories:
 - activesupport
@@ -12,15 +12,13 @@ advisory:
   cve: 2012-1098
   osvdb: 79726
   url: https://nvd.nist.gov/vuln/detail/CVE-2012-1098
-  title: Ruby on Rails SafeBuffer Object [] Direct Manipulation XSS
+  title: 'CVE-2012-1098 rubygem-activesupport: XSS in SafeBuffer#[] (unescaped safe
+    buffers can be marked as safe)'
   date: 2012-03-01
-  description: |
-    Ruby on Rails contains a flaw that allows a remote cross-site scripting (XSS)
-    attack. This flaw exists because athe application does not validate direct
-    manipulations of SafeBuffer objects via '[]' and other methods. This may
-    allow a user to create a specially crafted request that would execute
-    arbitrary script code in a user's browser within the trust relationship
-    between their browser and the server.
+  description: Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before
+    3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to
+    inject arbitrary web script or HTML via vectors involving a SafeBuffer object
+    that is manipulated through certain methods.
   cvss_v2: 4.3
   unaffected_versions:
   - "< 3.0.0"

advisories/_posts/2012-03-01-CVE-2012-1099.md

@@ -1,7 +1,7 @@
 ---
 layout: advisory
-title: 'CVE-2012-1099 (actionpack): Ruby on Rails actionpack/lib/action_view/helpers/form_options_helper.rb
-  Manually Generated Select Tag Options XSS'
+title: 'CVE-2012-1099 (actionpack): CVE-2012-1099 rubygem-actionpack: XSS in the ''select''
+  helper'
 comments: false
 categories:
 - actionpack
@@ -12,17 +12,13 @@ advisory:
   cve: 2012-1099
   osvdb: 79727
   url: https://nvd.nist.gov/vuln/detail/CVE-2012-1099
-  title: Ruby on Rails actionpack/lib/action_view/helpers/form_options_helper.rb Manually
-    Generated Select Tag Options XSS
+  title: 'CVE-2012-1099 rubygem-actionpack: XSS in the ''select'' helper'
   date: 2012-03-01
-  description: |
-    Ruby on Rails contains a flaw that allows a remote cross-site scripting (XSS)
-    attack. This flaw exists because the application does not validate manually
-    generated 'select tag options' upon submission to
-    actionpack/lib/action_view/helpers/form_options_helper.rb. This may allow a
-    user to create a specially crafted request that would execute arbitrary
-    script code in a user's browser within the trust relationship between their
-    browser and the server.
+  description: Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_options_helper.rb
+    in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4,
+    and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script
+    or HTML via vectors involving certain generation of OPTION elements within SELECT
+    elements.
   cvss_v2: 4.3
   patched_versions:
   - "~> 3.0.12"

advisories/_posts/2012-03-14-CVE-2012-2139.md

@@ -1,7 +1,6 @@
 ---
 layout: advisory
-title: 'CVE-2012-2139 (mail): Mail Gem for Ruby File Delivery Method to Parameter
-  Traversal Arbitrary File Manipulation'
+title: 'CVE-2012-2139 (mail): CVE-2012-2139 rubygem-mail: directory traversal'
 comments: false
 categories:
 - mail
@@ -10,16 +9,11 @@ advisory:
   cve: 2012-2139
   osvdb: 81631
   url: https://nvd.nist.gov/vuln/detail/CVE-2012-2139
-  title: Mail Gem for Ruby File Delivery Method to Parameter Traversal Arbitrary File
-    Manipulation
+  title: 'CVE-2012-2139 rubygem-mail: directory traversal'
   date: 2012-03-14
-  description: 'Mail Gem for Ruby contains a flaw that allows a remote attacker to
-    traverse outside of a restricted path. The issue is due to the program not properly
-    sanitizing user input, specifically directory traversal style attacks (e.g., ../../)
-    supplied via the ''to'' parameter within the delivery method. This directory traversal
-    attack would allow the attacker to modify arbitrary files.
-
-    '
+  description: Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb
+    in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary
+    files via a .. (dot dot) in the to parameter.
   cvss_v2: 5.0
   patched_versions:
   - ">= 2.4.4"

advisories/_posts/2012-03-14-CVE-2012-2140.md

@@ -1,7 +1,7 @@
 ---
 layout: advisory
-title: 'CVE-2012-2140 (mail): Mail Gem for Ruby Multiple Delivery Method Remote Shell
-  Command Execution'
+title: 'CVE-2012-2140 (mail): CVE-2012-2140 rubygem-mail: arbitrary command execution
+  when using exim or sendmail from commandline'
 comments: false
 categories:
 - mail
@@ -10,12 +10,11 @@ advisory:
   cve: 2012-2140
   osvdb: 81632
   url: https://nvd.nist.gov/vuln/detail/CVE-2012-2140
-  title: Mail Gem for Ruby Multiple Delivery Method Remote Shell Command Execution
+  title: 'CVE-2012-2140 rubygem-mail: arbitrary command execution when using exim
+    or sendmail from commandline'
   date: 2012-03-14
-  description: |
-    Mail Gem for Ruby contains a flaw that occurs within the sendmail and exim
-    delivery methods, which may allow an attacker to execute arbitrary shell
-    commands..
+  description: The Mail gem before 2.4.3 for Ruby allows remote attackers to execute
+    arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.
   cvss_v2: 7.5
   patched_versions:
   - ">= 2.4.4"

advisories/_posts/2012-04-20-CVE-2012-2126.md

@@ -1,7 +1,7 @@
 ---
 layout: advisory
-title: 'CVE-2012-2126 (rubygems-update): RubyGems SSL Certificate Validation MitM
-  Spoofing Weakness'
+title: 'CVE-2012-2126 (rubygems-update): CVE-2012-2125 CVE-2012-2126 rubygems: Two
+  security fixes in v1.8.23'
 comments: false
 categories:
 - rubygems-update
@@ -12,12 +12,10 @@ advisory:
   cve: 2012-2126
   osvdb: 81444
   url: https://nvd.nist.gov/vuln/detail/CVE-2012-2126
-  title: RubyGems SSL Certificate Validation MitM Spoofing Weakness
+  title: 'CVE-2012-2125 CVE-2012-2126 rubygems: Two security fixes in v1.8.23'
   date: 2012-04-20
-  description: |
-    RubyGems contains a flaw related to the validation of SSL certificates when
-    accessing certain services and APIs. This may allow a man-in-the-middle
-    attacker to spoof a valid server.
+  description: RubyGems before 1.8.23 does not verify an SSL certificate, which allows
+    remote attackers to modify a gem during installation via a man-in-the-middle attack.
   cvss_v2: 4.3
   patched_versions:
   - ">= 1.8.23"

advisories/_posts/2012-05-04-CVE-2012-6109.md

@@ -1,9 +1,7 @@
 ---
 layout: advisory
-title: 'CVE-2012-6109 (rack): Rack Regular Expressions Engine Content-Disposition
-  Header Parsing Infinite Loop Remote DoS
-
-  '
+title: 'CVE-2012-6109 (rack): CVE-2012-6109 rubygem-rack: parsing Content-Disposition
+  header DoS'
 comments: false
 categories:
 - rack
@@ -12,16 +10,12 @@ advisory:
   cve: 2012-6109
   osvdb: 89317
   url: https://nvd.nist.gov/vuln/detail/CVE-2012-6109
-  title: 'Rack Regular Expressions Engine Content-Disposition Header Parsing Infinite
-    Loop Remote DoS
-
-    '
+  title: 'CVE-2012-6109 rubygem-rack: parsing Content-Disposition header DoS'
   date: 2012-05-04
-  description: |
-    Rack contains a flaw in the Regular Expressions Engine that may allow a remote
-    denial of service. The issue is triggered when parsing context-disposition
-    headers. With a specially crafted header, a remote attacker can cause an
-    infinite loop, which will result in a loss of availability for the webserver.
+  description: lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x
+    before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which
+    allows remote attackers to cause a denial of service (infinite loop) via a crafted
+    Content-Disposion header.
   cvss_v2: 4.3
   patched_versions:
   - "~> 1.1.4"

advisories/_posts/2012-05-31-CVE-2012-2660.md

@@ -1,7 +1,7 @@
 ---
 layout: advisory
-title: 'CVE-2012-2660 (activerecord): Ruby on Rails ActiveRecord Class Rack Query
-  Parameter Parsing SQL Query Arbitrary IS NULL Clause Injection'
+title: 'CVE-2012-2660 (activerecord): CVE-2012-2660 rubygem-actionpack: Unsafe query
+  generation'
 comments: false
 categories:
 - activerecord
@@ -12,15 +12,14 @@ advisory:
   cve: 2012-2660
   osvdb: 82610
   url: https://nvd.nist.gov/vuln/detail/CVE-2012-2660
-  title: Ruby on Rails ActiveRecord Class Rack Query Parameter Parsing SQL Query Arbitrary
-    IS NULL Clause Injection
+  title: 'CVE-2012-2660 rubygem-actionpack: Unsafe query generation'
   date: 2012-05-31
-  description: |
-    Ruby on Rails contains a flaw related to the way ActiveRecord handles
-    parameters in conjunction with the way Rack parses query parameters.
-    This issue may allow an attacker to inject arbitrary 'IS NULL' clauses in
-    to application SQL queries. This may also allow an attacker to have the
-    SQL query check for NULL in arbitrary places.
+  description: actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before
+    3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider
+    differences in parameter handling between the Active Record component and the
+    Rack interface, which allows remote attackers to bypass intended database-query
+    restrictions and perform NULL checks via a crafted request, as demonstrated by
+    certain "[nil]" values, a related issue to CVE-2012-2694.
   cvss_v2: 7.5
   patched_versions:
   - "~> 3.0.13"

advisories/_posts/2012-05-31-CVE-2012-2661.md

@@ -1,7 +1,7 @@
 ---
 layout: advisory
-title: 'CVE-2012-2661 (activerecord): Ruby on Rails where Method ActiveRecord Class
-  SQL Injection'
+title: 'CVE-2012-2661 (activerecord): CVE-2012-2661 rubygem-activerecord: SQL injection
+  when processing nested query paramaters'
 comments: false
 categories:
 - activerecord
@@ -12,14 +12,14 @@ advisory:
   cve: 2012-2661
   osvdb: 82403
   url: https://nvd.nist.gov/vuln/detail/CVE-2012-2661
-  title: Ruby on Rails where Method ActiveRecord Class SQL Injection
+  title: 'CVE-2012-2661 rubygem-activerecord: SQL injection when processing nested
+    query paramaters'
   date: 2012-05-31
-  description: |
-    Ruby on Rails (RoR) contains a flaw that may allow an attacker to carry out
-    an SQL injection attack. The issue is due to the ActiveRecord class not
-    properly sanitizing user-supplied input to the 'where' method. This may
-    allow an attacker to inject or manipulate SQL queries in an application
-    built on RoR, allowing for the manipulation or disclosure of arbitrary data.
+  description: The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x
+    before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of
+    request data to a where method in an ActiveRecord class, which allows remote attackers
+    to conduct certain SQL injection attacks via nested query parameters that leverage
+    unintended recursion, a related issue to CVE-2012-2695.
   cvss_v2: 5.0
   unaffected_versions:
   - "~> 2.3.14"

advisories/_posts/2012-06-08-CVE-2012-6685.md

@@ -1,7 +1,7 @@
 ---
 layout: advisory
-title: 'CVE-2012-6685 (nokogiri): Nokogiri Gem for Ruby External Entity (XXE) Expansion
-  Internal Network Response Remote Disclosure'
+title: 'CVE-2012-6685 (nokogiri): CVE-2012-6685 rubygem-nokogiri: XML eXternal Entity
+  (XXE) flaw'
 comments: false
 categories:
 - nokogiri
@@ -10,13 +10,9 @@ advisory:
   cve: 2012-6685
   osvdb: 90946
   url: https://nvd.nist.gov/vuln/detail/CVE-2012-6685
-  title: Nokogiri Gem for Ruby External Entity (XXE) Expansion Internal Network Response
-    Remote Disclosure
+  title: 'CVE-2012-6685 rubygem-nokogiri: XML eXternal Entity (XXE) flaw'
   date: 2012-06-08
-  description: libxml2 contains a flaw that may lead to unauthorized disclosure of
-    potentially sensitive information. The issue is triggered when handling the expansion
-    of XML external entities (XXE), which can be used to trigger URL's on an internal
-    network and allow a remote attacker to gain access to their responses.
+  description: Nokogiri before 1.5.4 is vulnerable to XXE attacks
   cvss_v2: 5.0
   patched_versions:
   - ">= 1.5.4"