Sha256: 9c9fa08ed54c3c5818309afcdc3f18a3382cd2c604102601999904a9976d8829

Contents?: true

Size: 700 Bytes

Versions: 5

Compression:

Stored size: 700 Bytes

Contents

---
engine: ruby
cve: 2015-1855
url: https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/
title: Ruby OpenSSL Hostname Verification
date: 2015-04-13
description: |
  After reviewing RFC 6125 and RFC 5280, we found multiple violations of matching
  hostnames and particularly wildcard certificates.
  Ruby’s OpenSSL extension will now provide a string-based matching algorithm which
  follows more strict behavior, as recommended by these RFCs. In particular,
  matching of more than one wildcard per subject/SAN is no longer allowed. As well,
  comparison of these values is now case-insensitive.
patched_versions:
  - ~> 2.0.0.645
  - ~> 2.1.6
  - ">= 2.2.2"

Version data entries

5 entries across 5 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/rubies/ruby/CVE-2015-1855.yml
bundler-budit-0.6.2 data/ruby-advisory-db/rubies/ruby/CVE-2015-1855.yml
bundler-budit-0.6.1 data/ruby-advisory-db/rubies/ruby/CVE-2015-1855.yml
bundler-audit-0.6.1 data/ruby-advisory-db/rubies/ruby/CVE-2015-1855.yml
bundler-audit-0.6.0 data/ruby-advisory-db/rubies/ruby/CVE-2015-1855.yml