Candidate: CVE-2016-6582
PublicDate: 2017-01-23 21:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6582
 https://github.com/doorkeeper-gem/doorkeeper/commit/fb938051777a3c9cb071e96fc66458f8f615bd53
 https://github.com/doorkeeper-gem/doorkeeper/issues/875
Description:
 The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to
 conduct replay attacks or revoke arbitrary tokens by leveraging failure to
 implement the OAuth 2.0 Token Revocation specification.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834843
Priority: medium
Discovered-by: Jonathan Clem
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H [9.1 CRITICAL]

Patches_ruby-doorkeeper:
upstream_ruby-doorkeeper: released (4.2.0-1)
precise_ruby-doorkeeper: DNE
precise/esm_ruby-doorkeeper: DNE
trusty_ruby-doorkeeper: DNE
trusty/esm_ruby-doorkeeper: DNE
vivid/stable-phone-overlay_ruby-doorkeeper: DNE
vivid/ubuntu-core_ruby-doorkeeper: DNE
xenial_ruby-doorkeeper: ignored (end of standard support, was needed)
yakkety_ruby-doorkeeper: not-affected (4.2.0-3)
zesty_ruby-doorkeeper: not-affected
artful_ruby-doorkeeper: not-affected
bionic_ruby-doorkeeper: not-affected
cosmic_ruby-doorkeeper: not-affected
disco_ruby-doorkeeper: not-affected
eoan_ruby-doorkeeper: not-affected
focal_ruby-doorkeeper: not-affected
groovy_ruby-doorkeeper: not-affected
hirsute_ruby-doorkeeper: not-affected
impish_ruby-doorkeeper: not-affected
jammy_ruby-doorkeeper: not-affected
devel_ruby-doorkeeper: not-affected