Candidate: CVE-2019-17383
PublicDate: 2019-10-09 16:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17383
 https://github.com/dspinhirne/netaddr-rb/commit/3aac46c00a36e71905eaa619cb94d45bff6e3b51
 https://rubygems.org/gems/netaddr/versions
Description:
 The netaddr gem before 2.0.4 for Ruby has misconfigured file permissions,
 such that a gem install may result in 0777 permissions in the target
 filesystem.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_ruby-netaddr:
upstream_ruby-netaddr: needs-triage
precise/esm_ruby-netaddr: DNE
trusty_ruby-netaddr: ignored (out of standard support)
trusty/esm_ruby-netaddr: DNE
xenial_ruby-netaddr: DNE
bionic_ruby-netaddr: needs-triage
disco_ruby-netaddr: ignored (reached end-of-life)
eoan_ruby-netaddr: ignored (reached end-of-life)
focal_ruby-netaddr: needs-triage
groovy_ruby-netaddr: ignored (reached end-of-life)
hirsute_ruby-netaddr: ignored (reached end-of-life)
impish_ruby-netaddr: needs-triage
jammy_ruby-netaddr: needs-triage
devel_ruby-netaddr: needs-triage