Candidate: CVE-2015-1828
PublicDate: 2017-10-06 22:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1828
 https://github.com/ruby/openssl/issues/8
 https://groups.google.com/forum/#!topic/httprb/jkb4oxwZjkU
 https://rubysec.com/advisories/http-CVE-2015-1828
Description:
 The Ruby http gem before 0.7.3 does not verify hostnames in SSL
 connections, which might allow remote attackers to obtain sensitive
 information via a man-in-the-middle-attack.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N [5.9 MEDIUM]


Patches_ruby-http:
upstream_ruby-http: released (1.0.2-2)
precise/esm_ruby-http: DNE
trusty_ruby-http: DNE
trusty/esm_ruby-http: DNE
vivid/ubuntu-core_ruby-http: DNE
xenial_ruby-http: not-affected (1.0.2-2ubuntu2)
zesty_ruby-http: ignored (reached end-of-life)
artful_ruby-http: ignored (reached end-of-life)
bionic_ruby-http: not-affected (1.0.2-2ubuntu2)
cosmic_ruby-http: not-affected (1.0.2-2ubuntu2)
devel_ruby-http: not-affected (1.0.2-2ubuntu2)