Translate CVE 2024 27282, Ruby 3.0.7, 3.1.5, 3.2.4, 3.3.1 released (ja) #3236
* [CVE-2024-27282: Arbitrary memory address read vulnerability with Regex search]({%link ja/news/_posts/2024-04-23-arbitrary-memory-address-read-regexp-cve-2024-27282.md %}) | ||
* [CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc]({%link ja/news/_posts/2024-03-21-rce-rdoc-cve-2024-27281.md %}) | ||
* [CVE-2024-27280: Buffer overread vulnerability in StringIO]({%link ja/news/_posts/2024-03-21-buffer-overread-cve-2024-27280.md %}) |
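Review bot: all three `{%link ja/news/_posts/... %}` targets in this list point under `ja/`, and Jekyll's `link` tag fails the build when the referenced file does not exist. Confirm that the ja posts dated 2024-03-21 for CVE-2024-27281 and CVE-2024-27280 are already in the tree, and that the 2024-04-23 post for CVE-2024-27282 is added in this PR or before it, so readers of the release announcement can reach each advisory.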
I would appreciate it if you could use the Japanese title here as well.
* [CVE-2024-27282: Arbitrary memory address read vulnerability with Regex search]({%link ja/news/_posts/2024-04-23-arbitrary-memory-address-read-regexp-cve-2024-27282.md %}) | ||
* [CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc]({%link ja/news/_posts/2024-03-21-rce-rdoc-cve-2024-27281.md %}) | ||
* [CVE-2024-27280: Buffer overread vulnerability in StringIO]({%link ja/news/_posts/2024-03-21-buffer-overread-cve-2024-27280.md %}) |
Same here.
* [CVE-2024-27282: Arbitrary memory address read vulnerability with Regex search]({%link ja/news/_posts/2024-04-23-arbitrary-memory-address-read-regexp-cve-2024-27282.md %}) | ||
* [CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc]({%link ja/news/_posts/2024-03-21-rce-rdoc-cve-2024-27281.md %}) | ||
* [CVE-2024-27280: Buffer overread vulnerability in StringIO]({%link ja/news/_posts/2024-03-21-buffer-overread-cve-2024-27280.md %}) |
Same here.
* [CVE-2024-27282: Arbitrary memory address read vulnerability with Regex search]({%link ja/news/_posts/2024-04-23-arbitrary-memory-address-read-regexp-cve-2024-27282.md %}) | ||
* [CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc]({%link ja/news/_posts/2024-03-21-rce-rdoc-cve-2024-27281.md %}) | ||
* [CVE-2024-27280: Buffer overread vulnerability in StringIO]({%link ja/news/_posts/2024-03-21-buffer-overread-cve-2024-27280.md %}) |
Same here.
|
||
Ruby 3.x から 3.3.0 で問題が見つかりました。 | ||
|
||
攻撃者から与えられたデータを Ruby 正規表現コンパイラが受け取った場合、ポインタや機密文字列を含む、テキストの先頭を基準とした任意のヒープデータを抽出することが可能になります。 |
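Review bot: the affected range on the line "Ruby 3.x から 3.3.0 で問題が見つかりました。" is hard to act on, because "3.x" is not a concrete lower bound and no fixed release is visible in this hunk. If the post does not already list them further down, name the fixed versions from the PR title (3.0.7, 3.1.5, 3.2.4, 3.3.1) next to this sentence so readers can tell whether they need to upgrade.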
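The phrase "テキストの先頭を基準とした任意のヒープデータ" ("arbitrary heap data relative to the start of the text") might be easier to understand as something like "テキストの先頭からの相対アドレス上の任意のヒープデータ" ("arbitrary heap data at an address relative to the start of the text").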
I have fixed the points you raised.
Please take a look.
I have confirmed the fix 👍
## リリースコメント | ||
|
||
Ruby 開発者の皆様、バグや脆弱性を報告してくれたユーザーの皆様のご協力により本リリースは行われています。 | ||
皆様のご協力に感謝します。 |
I have approved this for now, but there seems to be no newline at the end of the file, so please fix that.
https://github.com/ruby/www.ruby-lang.org/actions/runs/9015291959/job/24801827855?pr=3236
I have added the trailing newline.
Please take a look.
9711e69 to b739ecc
Translation (ja) of posts: