| Vulnerabilities | 13 via 62 paths |
|---|---|
| Dependencies | 26 |
| Source | Docker |
| Target OS | alpine:3.8.2 |
critical severity
- Vulnerable module: musl/musl
- Introduced through: musl/musl@1.1.19-r10 and musl/musl-utils@1.1.19-r10
- Fixed in: 1.1.19-r11
Detailed paths
- Introduced through: fluent/fluentd@v0.12.43-1.1 › musl/musl@1.1.19-r10
- Introduced through: fluent/fluentd@v0.12.43-1.1 › musl/musl-utils@1.1.19-r10
NVD Description
Note: Versions mentioned in the description apply only to the upstream musl package and not the musl package as distributed by Alpine. See How to fix? for Alpine:3.8 relevant fixed versions and status.
musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.
Remediation
Upgrade Alpine:3.8 musl to version 1.1.19-r11 or higher.
high severity
- Vulnerable module: ruby/ruby
- Introduced through: ruby/ruby@2.5.2-r0, ruby/ruby-etc@2.5.2-r0 and others
- Fixed in: 2.5.5-r0
Detailed paths
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-etc@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-irb@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-libs@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-webrick@2.5.2-r0
NVD Description
Note: Versions mentioned in the description apply only to the upstream ruby package and not the ruby package as distributed by Alpine. See How to fix? for Alpine:3.8 relevant fixed versions and status.
An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.
Remediation
Upgrade Alpine:3.8 ruby to version 2.5.5-r0 or higher.
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8324
- https://security-tracker.debian.org/tracker/CVE-2019-8324
- https://hackerone.com/reports/328571
- https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
- https://access.redhat.com/errata/RHSA-2019:1972
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-8324
high severity
- Vulnerable module: ruby/ruby
- Introduced through: ruby/ruby@2.5.2-r0, ruby/ruby-etc@2.5.2-r0 and others
- Fixed in: 2.5.7-r0
Detailed paths
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-etc@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-irb@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-libs@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-webrick@2.5.2-r0
NVD Description
Note: Versions mentioned in the description apply only to the upstream ruby package and not the ruby package as distributed by Alpine. See How to fix? for Alpine:3.8 relevant fixed versions and status.
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.
Remediation
Upgrade Alpine:3.8 ruby to version 2.5.7-r0 or higher.
References
- https://seclists.org/bugtraq/2019/Dec/31
- https://seclists.org/bugtraq/2019/Dec/32
- https://www.ruby-lang.org/ja/news/2019/10/01/code-injection-shell-test-cve-2019-16255/
- https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/
- https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/
- https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16255
- https://www.debian.org/security/2019/dsa-4587
- https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html
- https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html
- https://security-tracker.debian.org/tracker/CVE-2019-16255
- https://security.gentoo.org/glsa/202003-06
- https://hackerone.com/reports/327512
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-16255
- https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html
high severity
- Vulnerable module: ruby/ruby
- Introduced through: ruby/ruby@2.5.2-r0, ruby/ruby-etc@2.5.2-r0 and others
- Fixed in: 2.5.5-r0
Detailed paths
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-etc@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-irb@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-libs@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-webrick@2.5.2-r0
NVD Description
Note: Versions mentioned in the description apply only to the upstream ruby package and not the ruby package as distributed by Alpine. See How to fix? for Alpine:3.8 relevant fixed versions and status.
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible.
Remediation
Upgrade Alpine:3.8 ruby to version 2.5.5-r0 or higher.
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8321
- https://security-tracker.debian.org/tracker/CVE-2019-8321
- https://hackerone.com/reports/317330
- https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-8321
high severity
- Vulnerable module: ruby/ruby
- Introduced through: ruby/ruby@2.5.2-r0, ruby/ruby-etc@2.5.2-r0 and others
- Fixed in: 2.5.5-r0
Detailed paths
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-etc@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-irb@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-libs@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-webrick@2.5.2-r0
NVD Description
Note: Versions mentioned in the description apply only to the upstream ruby package and not the ruby package as distributed by Alpine. See How to fix? for Alpine:3.8 relevant fixed versions and status.
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilities#with_response may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur.
Remediation
Upgrade Alpine:3.8 ruby to version 2.5.5-r0 or higher.
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8323
- https://security-tracker.debian.org/tracker/CVE-2019-8323
- https://hackerone.com/reports/315081
- https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-8323
high severity
- Vulnerable module: ruby/ruby
- Introduced through: ruby/ruby@2.5.2-r0, ruby/ruby-etc@2.5.2-r0 and others
- Fixed in: 2.5.5-r0
Detailed paths
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-etc@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-irb@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-libs@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-webrick@2.5.2-r0
NVD Description
Note: Versions mentioned in the description apply only to the upstream ruby package and not the ruby package as distributed by Alpine. See How to fix? for Alpine:3.8 relevant fixed versions and status.
An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.
Remediation
Upgrade Alpine:3.8 ruby to version 2.5.5-r0 or higher.
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8322
- https://security-tracker.debian.org/tracker/CVE-2019-8322
- https://hackerone.com/reports/315087
- https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-8322
high severity
- Vulnerable module: ruby/ruby
- Introduced through: ruby/ruby@2.5.2-r0, ruby/ruby-etc@2.5.2-r0 and others
- Fixed in: 2.5.5-r0
Detailed paths
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-etc@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-irb@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-libs@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-webrick@2.5.2-r0
NVD Description
Note: Versions mentioned in the description apply only to the upstream ruby package and not the ruby package as distributed by Alpine. See How to fix? for Alpine:3.8 relevant fixed versions and status.
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.)
Remediation
Upgrade Alpine:3.8 ruby to version 2.5.5-r0 or higher.
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8325
- https://security-tracker.debian.org/tracker/CVE-2019-8325
- https://hackerone.com/reports/317353
- https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-8325
high severity
- Vulnerable module: ruby/ruby
- Introduced through: ruby/ruby@2.5.2-r0, ruby/ruby-etc@2.5.2-r0 and others
- Fixed in: 2.5.7-r0
Detailed paths
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-etc@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-irb@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-libs@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-webrick@2.5.2-r0
NVD Description
Note: Versions mentioned in the description apply only to the upstream ruby package and not the ruby package as distributed by Alpine. See How to fix? for Alpine:3.8 relevant fixed versions and status.
WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service caused by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or an untrusted network.
Remediation
Upgrade Alpine:3.8 ruby to version 2.5.7-r0 or higher.
References
- https://seclists.org/bugtraq/2019/Dec/31
- https://seclists.org/bugtraq/2019/Dec/32
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16201
- https://www.debian.org/security/2019/dsa-4587
- https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html
- https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html
- https://security-tracker.debian.org/tracker/CVE-2019-16201
- https://security.gentoo.org/glsa/202003-06
- https://hackerone.com/reports/661722
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-16201
- https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html
high severity
- Vulnerable module: ruby/ruby
- Introduced through: ruby/ruby@2.5.2-r0, ruby/ruby-etc@2.5.2-r0 and others
- Fixed in: 2.5.5-r0
Detailed paths
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-etc@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-irb@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-libs@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-webrick@2.5.2-r0
NVD Description
Note: Versions mentioned in the description apply only to the upstream ruby package and not the ruby package as distributed by Alpine. See How to fix? for Alpine:3.8 relevant fixed versions and status.
A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files (which now include path-checking code for symlinks), it would delete the target destination. If that destination was hidden behind a symlink, a malicious gem could delete arbitrary files on the user's machine, presuming the attacker could guess at paths. Given how frequently gem is run as sudo, and how predictable paths are on modern systems (/tmp, /usr, etc.), this could likely lead to data loss or an unusable system.
Remediation
Upgrade Alpine:3.8 ruby to version 2.5.5-r0 or higher.
References
- https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8320
- https://security-tracker.debian.org/tracker/CVE-2019-8320
- https://hackerone.com/reports/317321
- https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html
- https://access.redhat.com/errata/RHSA-2019:1429
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-8320
medium severity
- Vulnerable module: ruby/ruby
- Introduced through: ruby/ruby@2.5.2-r0, ruby/ruby-etc@2.5.2-r0 and others
- Fixed in: 2.5.7-r0
Detailed paths
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-etc@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-irb@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-libs@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-webrick@2.5.2-r0
NVD Description
Note: Versions mentioned in the description apply only to the upstream ruby package and not the ruby package as distributed by Alpine. See How to fix? for Alpine:3.8 relevant fixed versions and status.
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions.
Remediation
Upgrade Alpine:3.8 ruby to version 2.5.7-r0 or higher.
References
- https://seclists.org/bugtraq/2019/Dec/31
- https://seclists.org/bugtraq/2019/Dec/32
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15845
- https://www.debian.org/security/2019/dsa-4587
- https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html
- https://security-tracker.debian.org/tracker/CVE-2019-15845
- https://security.gentoo.org/glsa/202003-06
- https://hackerone.com/reports/449617
- https://www.oracle.com/security-alerts/cpujan2020.html
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-15845
- https://usn.ubuntu.com/4201-1/
medium severity
- Vulnerable module: ruby/ruby
- Introduced through: ruby/ruby@2.5.2-r0, ruby/ruby-etc@2.5.2-r0 and others
- Fixed in: 2.5.8-r0
Detailed paths
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-etc@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-irb@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-libs@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-webrick@2.5.2-r0
NVD Description
Note: Versions mentioned in the description apply only to the upstream ruby package and not the ruby package as distributed by Alpine. See How to fix? for Alpine:3.8 relevant fixed versions and status.
ownCloud (Core) before 10.5 allows XSS in login page 'forgot password.'
Remediation
Upgrade Alpine:3.8 ruby to version 2.5.8-r0 or higher.
medium severity
- Vulnerable module: ruby/ruby
- Introduced through: ruby/ruby@2.5.2-r0, ruby/ruby-etc@2.5.2-r0 and others
- Fixed in: 2.5.7-r0
Detailed paths
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-etc@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-irb@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-libs@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-webrick@2.5.2-r0
NVD Description
Note: Versions mentioned in the description apply only to the upstream ruby package and not the ruby package as distributed by Alpine. See How to fix? for Alpine:3.8 relevant fixed versions and status.
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF.
Remediation
Upgrade Alpine:3.8 ruby to version 2.5.7-r0 or higher.
References
- https://seclists.org/bugtraq/2019/Dec/31
- https://seclists.org/bugtraq/2019/Dec/32
- https://www.ruby-lang.org/ja/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/
- https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/
- https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/
- https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16254
- https://www.debian.org/security/2019/dsa-4586
- https://www.debian.org/security/2019/dsa-4587
- https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html
- https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html
- https://security-tracker.debian.org/tracker/CVE-2019-16254
- https://security.gentoo.org/glsa/202003-06
- https://hackerone.com/reports/331984
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-16254
- https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html
medium severity
- Vulnerable module: ruby/ruby
- Introduced through: ruby/ruby@2.5.2-r0, ruby/ruby-etc@2.5.2-r0 and others
- Fixed in: 2.5.8-r0
Detailed paths
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-etc@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-irb@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-libs@2.5.2-r0
- Introduced through: fluent/fluentd@v0.12.43-1.1 › ruby/ruby-webrick@2.5.2-r0
NVD Description
Note: Versions mentioned in the description apply only to the upstream ruby package and not the ruby package as distributed by Alpine. See How to fix? for Alpine:3.8 relevant fixed versions and status.
An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter.
Remediation
Upgrade Alpine:3.8 ruby to version 2.5.8-r0 or higher.
References
- https://security.netapp.com/advisory/ntap-20200625-0001/
- https://www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-10933/
- https://www.debian.org/security/2020/dsa-4721
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/