Translate CVE 2024 27282, Ruby 3.0.7, 3.1.5, 3.2.4, 3.3.1 released (ja) #3236

Merged
merged 4 commits into from
May 10, 2024

HiroyasuTawara
Contributor

Translation (ja) of posts:

  • CVE-2024-27282: Arbitrary memory address read vulnerability with Regex search
  • Ruby 3.0.7 Released
  • Ruby 3.1.5 Released
  • Ruby 3.2.4 Released
  • Ruby 3.3.1 Released

@HiroyasuTawara HiroyasuTawara requested a review from a team as a code owner May 9, 2024 07:46
Comment on lines 15 to 17
* [CVE-2024-27282: Arbitrary memory address read vulnerability with Regex search]({%link ja/news/_posts/2024-04-23-arbitrary-memory-address-read-regexp-cve-2024-27282.md %})
* [CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc]({%link ja/news/_posts/2024-03-21-rce-rdoc-cve-2024-27281.md %})
* [CVE-2024-27280: Buffer overread vulnerability in StringIO]({%link ja/news/_posts/2024-03-21-buffer-overread-cve-2024-27280.md %})
Member

It would be appreciated if you could use the Japanese titles here as well.

Comment on lines 15 to 17
* [CVE-2024-27282: Arbitrary memory address read vulnerability with Regex search]({%link ja/news/_posts/2024-04-23-arbitrary-memory-address-read-regexp-cve-2024-27282.md %})
* [CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc]({%link ja/news/_posts/2024-03-21-rce-rdoc-cve-2024-27281.md %})
* [CVE-2024-27280: Buffer overread vulnerability in StringIO]({%link ja/news/_posts/2024-03-21-buffer-overread-cve-2024-27280.md %})
Member

Same here.

Comment on lines 15 to 17
* [CVE-2024-27282: Arbitrary memory address read vulnerability with Regex search]({%link ja/news/_posts/2024-04-23-arbitrary-memory-address-read-regexp-cve-2024-27282.md %})
* [CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc]({%link ja/news/_posts/2024-03-21-rce-rdoc-cve-2024-27281.md %})
* [CVE-2024-27280: Buffer overread vulnerability in StringIO]({%link ja/news/_posts/2024-03-21-buffer-overread-cve-2024-27280.md %})
Member

Same here.

Comment on lines 15 to 17
* [CVE-2024-27282: Arbitrary memory address read vulnerability with Regex search]({%link ja/news/_posts/2024-04-23-arbitrary-memory-address-read-regexp-cve-2024-27282.md %})
* [CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc]({%link ja/news/_posts/2024-03-21-rce-rdoc-cve-2024-27281.md %})
* [CVE-2024-27280: Buffer overread vulnerability in StringIO]({%link ja/news/_posts/2024-03-21-buffer-overread-cve-2024-27280.md %})
Member

Same here.


Ruby 3.x から 3.3.0 で問題が見つかりました。

攻撃者から与えられたデータを Ruby 正規表現コンパイラが受け取った場合、ポインタや機密文字列を含む、テキストの先頭を基準とした任意のヒープデータを抽出することが可能になります。
Member

The phrase 「テキストの先頭を基準とした任意のヒープデータ」 ("arbitrary heap data relative to the start of the text") might be easier to understand as something like 「テキストの先頭からの相対アドレス上の任意のヒープデータ」 ("arbitrary heap data at an address relative to the start of the text").

Contributor Author

I have fixed the points you raised.
Please check.

Member

@shugo shugo left a comment

I have confirmed the fixes 👍

## リリースコメント

Ruby 開発者の皆様、バグや脆弱性を報告してくれたユーザーの皆様のご協力により本リリースは行われています。
皆様のご協力に感謝します。
Member

I approved it for now, but there seems to be no newline at the end of the file, so please fix that.

https://github.com/ruby/www.ruby-lang.org/actions/runs/9015291959/job/24801827855?pr=3236

Contributor Author

I added the trailing newline.
Please check.

@shugo shugo merged commit 5684ced into ruby:master May 10, 2024
1 check passed