CVE-2015-9096

Priority
Medium
Description
Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via
CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF
sequences immediately before and after a DATA substring.
Package
Upstream: needed
Ubuntu 17.10 (Artful Aardvark): released (2.3.3-1ubuntu1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): DNE
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (2.3.1-2~16.04.2)
Ubuntu 17.04 (Zesty Zapus): released (2.3.3-1ubuntu0.1)
Patches:
Upstream: https://github.com/ruby/ruby/commit/0827a7e52ba3d957a634b063bf5a391239b9ffee
Package
Upstream: needed
Ubuntu 17.10 (Artful Aardvark): DNE
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): released (1.9.3.484-2ubuntu1.3)
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 17.04 (Zesty Zapus): DNE
Package
Upstream: needed
Ubuntu 17.10 (Artful Aardvark): DNE
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): released (2.0.0.484-1ubuntu2.4)
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 17.04 (Zesty Zapus): DNE

Updated: 2017-08-11 23:54:10 UTC (commit 13081)