{"affected":[{"ecosystem_specific":{"binaries":[{"ruby19":"1.9.3.p392-0.26.1","ruby19-devel":"1.9.3.p392-0.26.1","ruby19-devel-extra":"1.9.3.p392-0.26.1"}]},"package":{"ecosystem":"SUSE:Studio Onsite 1.3","name":"ruby19","purl":"pkg:rpm/suse/ruby19&distro=SUSE%20Studio%20Onsite%201.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.9.3.p392-0.26.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ruby19":"1.9.3.p392-0.26.1","ruby19-devel":"1.9.3.p392-0.26.1","ruby19-devel-extra":"1.9.3.p392-0.26.1"}]},"package":{"ecosystem":"SUSE:Studio Onsite Runner 1.3","name":"ruby19","purl":"pkg:rpm/suse/ruby19&distro=SUSE%20Studio%20Onsite%20Runner%201.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.9.3.p392-0.26.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update for ruby19 fixes the following issues:\n\nSecurity issue fixed:\n- CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new'initialize' (bsc#1018808)\n\nBugfixes:\n- fix small mistake in the backport for (bsc#986630)\n- HTTP Header injection in 'net/http' (bsc#986630)\n- make the testsuite work with our new openssl requirements\n","id":"SUSE-SU-2017:0914-1","modified":"2017-04-03T15:26:04Z","published":"2017-04-03T15:26:04Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20170914-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1018808"},{"type":"REPORT","url":"https://bugzilla.suse.com/986630"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2339"}],"related":["CVE-2016-2339"],"summary":"Security update for ruby19","upstream":["CVE-2016-2339"]}