{"affected":[{"ecosystem_specific":{"binaries":[{"ruby19":"1.9.3.p392-0.23.1","ruby19-devel":"1.9.3.p392-0.23.1","ruby19-devel-extra":"1.9.3.p392-0.23.1"}]},"package":{"ecosystem":"SUSE:Studio Onsite 1.3","name":"ruby19","purl":"pkg:rpm/suse/ruby19&distro=SUSE%20Studio%20Onsite%201.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.9.3.p392-0.23.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"ruby19 was updated to fix two security issues.\n\nThe following vulnerabilities were fixed:\n\n* CVE-2015-1855: Ruby OpenSSL hostname verification was too permissive (bsc#926974).\n* CVE-2009-5147: DL::dlopen could have loaded a library with tainted library name even if $SAFE > 0 (bsc#939860).","id":"SUSE-SU-2015:1889-1","modified":"2015-10-05T09:31:55Z","published":"2015-10-05T09:31:55Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2015/suse-su-20151889-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/926974"},{"type":"REPORT","url":"https://bugzilla.suse.com/939860"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2009-5147"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-1855"}],"related":["CVE-2009-5147","CVE-2015-1855"],"summary":"Security update for ruby19","upstream":["CVE-2009-5147","CVE-2015-1855"]}