Commit 8fb36c4

Merge pull request #1638 from biow0lf/another-fix-typos
Fix typos
2 parents 65b3055 + c14861f commit 8fb36c4

7 files changed: +14 -14 lines changed

en/news/_posts/2017-09-14-json-heap-exposure-cve-2017-14064.md

Lines changed: 2 additions & 2 deletions
@@ -9,12 +9,12 @@ lang: en
99
---
1010

1111
There is a heap exposure vulnerability in JSON bundled by Ruby.
12-
This vulnerability has been assgined the CVE identifier [CVE-2017-14064](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064).
12+
This vulnerability has been assigned the CVE identifier [CVE-2017-14064](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064).
1313

1414
## Details
1515

1616
The `generate` method of `JSON` module optionally accepts an instance of `JSON::Ext::Generator::State` class.
17-
If a malcious instance is passed, the result may include contents of heap.
17+
If a malicious instance is passed, the result may include contents of heap.
1818

1919
All users running an affected release should either upgrade or use one of the workarounds immediately.
2020
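Review bot: New line 17 still reads "the result may include contents of heap"; since the sentence is being edited anyway, add the article ("contents of the heap") so the impact statement reads cleanly. The CVE link on line 12 also still uses plain http:// for cve.mitre.org and could be switched to https in the same pass.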

en/news/_posts/2017-09-14-openssl-asn1-buffer-underrun-cve-2017-14033.md

Lines changed: 2 additions & 2 deletions
@@ -1,6 +1,6 @@
11
---
22
layout: news_post
3-
title: "CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 docode"
3+
title: "CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode"
44
author: "usa"
55
translator:
66
date: 2017-09-14 12:00:00 +0000
@@ -9,7 +9,7 @@ lang: en
99
---
1010

1111
There is a buffer underrun vulnerability in OpenSSL bundled by Ruby.
12-
This vulnerability has been assgined the CVE identifier [CVE-2017-14033](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14033).
12+
This vulnerability has been assigned the CVE identifier [CVE-2017-14033](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14033).
1313

1414
## Details
1515

en/news/_posts/2017-09-14-ruby-2-2-8-released.md

Lines changed: 2 additions & 2 deletions
@@ -13,12 +13,12 @@ Please check the topics below for details.
1313

1414
* [CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf](/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/)
1515
* [CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick](/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/)
16-
* [CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 docode](/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/)
16+
* [CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode](/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/)
1717
* [CVE-2017-14064: Heap exposure vulnerability in generating JSON](/en/news/2017/09/14/json-heap-exposure-cve-2017-14064/)
1818
* [Multiple vulnerabilities in RubyGems](/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/)
1919
* Updated bundled libyaml to version 0.1.7
2020

21-
Ruby 2.2 is now under the state of the security maintenance phase, until the endo of the March of 2018.
21+
Ruby 2.2 is now under the state of the security maintenance phase, until the end of the March of 2018.
2222
After the date, maintenance of Ruby 2.2 will be ended.
2323
We recommend you start planning migration to newer versions of Ruby, such as 2.4 or 2.3.
2424
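Review bot: Line 21 is still awkward after the "endo" fix: "under the state of the security maintenance phase, until the end of the March of 2018" carries two stray articles and a redundant "the state of". Suggest "Ruby 2.2 is now in the security maintenance phase, until the end of March 2018." Line 22 ("After the date, maintenance of Ruby 2.2 will be ended.") could become "After that date, maintenance of Ruby 2.2 will end." so the end-of-support date is unambiguous to readers planning upgrades.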

en/news/_posts/2017-09-14-ruby-2-3-5-released.md

Lines changed: 1 addition & 1 deletion
@@ -14,7 +14,7 @@ Please check the topics below for details.
1414

1515
* [CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf](/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/)
1616
* [CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick](/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/)
17-
* [CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 docode](/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/)
17+
* [CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode](/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/)
1818
* [CVE-2017-14064: Heap exposure vulnerability in generating JSON](/en/news/2017/09/14/json-heap-exposure-cve-2017-14064/)
1919
* [Multiple vulnerabilities in RubyGems](/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/)
2020
* Updated bundled libyaml to version 0.1.7

en/news/_posts/2017-09-14-ruby-2-4-2-released.md

Lines changed: 1 addition & 1 deletion
@@ -12,7 +12,7 @@ This release contains some security fixes.
1212

1313
* [CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf](/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/)
1414
* [CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick](/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/)
15-
* [CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 docod](/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/)
15+
* [CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode](/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/)
1616
* [CVE-2017-14064: Heap exposure in generating JSON](/en/news/2017/09/14/json-heap-exposure-cve-2017-14064/)
1717
* [Multiple vulnerabilities in RubyGems](/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/)
1818
* Update bundled libyaml to version 0.1.7.
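Review bot: The list in this post is inconsistent with the 2.2.8 and 2.3.5 release posts touched in the same commit: line 16 links CVE-2017-14064 as "Heap exposure in generating JSON" where the other two say "Heap exposure vulnerability in generating JSON", and line 18 says "Update bundled libyaml to version 0.1.7." where the others say "Updated bundled libyaml to version 0.1.7". Since line 15 is already being aligned with the other posts, bring these two lines into line as well so the three advisories list identical titles.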

en/news/_posts/2017-09-14-sprintf-buffer-underrun-cve-2017-0898.md

Lines changed: 3 additions & 3 deletions
@@ -9,12 +9,12 @@ lang: en
99
---
1010

1111
There is a buffer underrun vulnerability in the `sprintf` method of `Kernel` module.
12-
This vulnerability has been assgined the CVE identifier [CVE-2017-0898](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0898).
12+
This vulnerability has been assigned the CVE identifier [CVE-2017-0898](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0898).
1313

1414
## Details
1515

16-
If a malcious format string which contains a precious specifier (`*`) is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused.
17-
In such situcation, the result may contains heap, or the Ruby interpreter may crash.
16+
If a malicious format string which contains a precious specifier (`*`) is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused.
17+
In such situation, the result may contains heap, or the Ruby interpreter may crash.
1818

1919
All users running an affected release should upgrade immediately.
2020
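Review bot: New line 16 keeps "precious specifier (`*`)", which looks like a remaining typo for "precision specifier"; as written, the advisory does not correctly name the condition that triggers the underrun. In the same sentence "a huge minus value" would be clearer as "a large negative value", and new line 17 still has "the result may contains heap", which should be "the result may contain heap contents". Suggest fixing all three in this commit since both lines are already being rewritten.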

en/news/_posts/2017-09-14-webrick-basic-auth-escape-sequence-injection-cve-2017-10784.md

Lines changed: 3 additions & 3 deletions
@@ -8,13 +8,13 @@ tags: security
88
lang: en
99
---
1010

11-
There is an escape sequence injection vulnerabirity in the Basic authentication of WEBrick bundled by Ruby.
12-
This vulnerability has been assgined the CVE identifier [CVE-2017-10784](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10784).
11+
There is an escape sequence injection vulnerability in the Basic authentication of WEBrick bundled by Ruby.
12+
This vulnerability has been assigned the CVE identifier [CVE-2017-10784](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10784).
1313

1414
## Details
1515

1616
When using the Basic authentication of WEBrick, clients can pass an arbitrary string as the user name.
17-
WEBrick outputs the passed user name intact to its log, then an attacker can inject malcious escape sequences to the log and dangerours control characters may be executed on a victim's terminal emulator.
17+
WEBrick outputs the passed user name intact to its log, then an attacker can inject malicious escape sequences to the log and dangerous control characters may be executed on a victim's terminal emulator.
1818

1919
This vulnerability is similar to [a vulnerability already fixed](/en/news/2010/01/10/webrick-escape-sequence-injection/), but it had not been fixed in the Basic authentication.
2020
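Review bot: New line 17 is still a run-on and misstates the mechanism slightly: "outputs the passed user name intact to its log, then an attacker can inject ..." joins cause and effect with "then", and control characters are interpreted by a terminal rather than "executed". Suggest something like "WEBrick writes the passed user name to its log unmodified, so an attacker can inject malicious escape sequences into the log, and dangerous control characters may be interpreted by a victim's terminal emulator."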
