From ae61184e8e30c8d9dd63e1477636bccd6ab3e784 Mon Sep 17 00:00:00 2001 From: Shia Date: Sun, 1 Jan 2023 11:10:59 +0900 Subject: [PATCH 1/5] Copy related news from en --- ...errun-in-string-to-float-cve-2022-28739.md | 35 ++++++++++ ...ee-in-regexp-compilation-cve-2022-28738.md | 35 ++++++++++ .../_posts/2022-04-12-ruby-2-6-10-released.md | 59 +++++++++++++++++ .../_posts/2022-04-12-ruby-2-7-6-released.md | 64 +++++++++++++++++++ .../_posts/2022-04-12-ruby-3-0-4-released.md | 48 ++++++++++++++ .../_posts/2022-04-12-ruby-3-1-2-released.md | 48 ++++++++++++++ 6 files changed, 289 insertions(+) create mode 100644 ko/news/_posts/2022-04-12-buffer-overrun-in-string-to-float-cve-2022-28739.md create mode 100644 ko/news/_posts/2022-04-12-double-free-in-regexp-compilation-cve-2022-28738.md create mode 100644 ko/news/_posts/2022-04-12-ruby-2-6-10-released.md create mode 100644 ko/news/_posts/2022-04-12-ruby-2-7-6-released.md create mode 100644 ko/news/_posts/2022-04-12-ruby-3-0-4-released.md create mode 100644 ko/news/_posts/2022-04-12-ruby-3-1-2-released.md diff --git a/ko/news/_posts/2022-04-12-buffer-overrun-in-string-to-float-cve-2022-28739.md b/ko/news/_posts/2022-04-12-buffer-overrun-in-string-to-float-cve-2022-28739.md new file mode 100644 index 0000000000..2fb26a02c5 --- /dev/null +++ b/ko/news/_posts/2022-04-12-buffer-overrun-in-string-to-float-cve-2022-28739.md 
@@ -0,0 +1,35 @@ +--- +layout: news_post +title: "CVE-2022-28739: Buffer overrun in String-to-Float conversion" +author: "mame" +translator: +date: 2022-04-12 12:00:00 +0000 +tags: security +lang: en +--- + +A buffer-overrun vulnerability is discovered in a conversion algorithm from a String to a Float. +This vulnerability has been assigned the CVE identifier [CVE-2022-28739](https://nvd.nist.gov/vuln/detail/CVE-2022-28739). +We strongly recommend upgrading Ruby. + +## Details + +Due to a bug in an internal function that converts a String to a Float, some conversion methods like `Kernel#Float` and `String#to_f` could cause buffer over-read. +A typical consequence is a process termination due to segmentation fault, but under limited circumstances, it may be exploitable for illegal memory read. + +Please update Ruby to 2.6.10, 2.7.6, 3.0.4, or 3.1.2. + +## Affected versions + +* ruby 2.6.9 or prior +* ruby 2.7.5 or prior +* ruby 3.0.3 or prior +* ruby 3.1.1 or prior + +## Credits + +Thanks to [piao](https://hackerone.com/piao?type=user) for discovering this issue. + +## History + +* Originally published at 2022-04-12 12:00:00 (UTC) diff --git a/ko/news/_posts/2022-04-12-double-free-in-regexp-compilation-cve-2022-28738.md b/ko/news/_posts/2022-04-12-double-free-in-regexp-compilation-cve-2022-28738.md new file mode 100644 index 0000000000..9aecdec3d1 --- /dev/null +++ b/ko/news/_posts/2022-04-12-double-free-in-regexp-compilation-cve-2022-28738.md 
@@ -0,0 +1,35 @@ +--- +layout: news_post +title: "CVE-2022-28738: Double free in Regexp compilation" +author: "mame" +translator: +date: 2022-04-12 12:00:00 +0000 +tags: security +lang: en +--- + +A double-free vulnerability is discovered in Regexp compilation. +This vulnerability has been assigned the CVE identifier [CVE-2022-28738](https://nvd.nist.gov/vuln/detail/CVE-2022-28738). +We strongly recommend upgrading Ruby. + +## Details + +Due to a bug in the Regexp compilation process, creating a Regexp object with a crafted source string could cause the same memory to be freed twice. This is known as a "double free" vulnerability. +Note that, in general, it is considered unsafe to create and use a Regexp object generated from untrusted input. In this case, however, following a comprehensive assessment, we treat this issue as a vulnerability. + +Please update Ruby to 3.0.4, or 3.1.2. + +## Affected versions + +* ruby 3.0.3 or prior +* ruby 3.1.1 or prior + +Note that ruby 2.6 series and 2.7 series are not affected. + +## Credits + +Thanks to [piao](https://hackerone.com/piao?type=user) for discovering this issue. + +## History + +* Originally published at 2022-04-12 12:00:00 (UTC) diff --git a/ko/news/_posts/2022-04-12-ruby-2-6-10-released.md b/ko/news/_posts/2022-04-12-ruby-2-6-10-released.md new file mode 100644 index 0000000000..2f24f2d5ee --- /dev/null +++ b/ko/news/_posts/2022-04-12-ruby-2-6-10-released.md 
@@ -0,0 +1,59 @@ +--- +layout: news_post +title: "Ruby 2.6.10 Released" +author: "usa and mame" +translator: +date: 2022-04-12 12:00:00 +0000 +lang: en +--- + +Ruby 2.6.10 has been released. + +This release includes a security fix. +Please check the topics below for details. + +* [CVE-2022-28739: Buffer overrun in String-to-Float conversion]({%link en/news/_posts/2022-04-12-buffer-overrun-in-string-to-float-cve-2022-28739.md %}) + +This release also includes a fix of a build problem with very old compilers and a fix of a regression of date library. +See the [commit logs](https://github.com/ruby/ruby/compare/v2_6_9...v2_6_10) for further details. + +After this release, Ruby 2.6 reaches EOL. In other words, this is expected to be the last release of Ruby 2.6 series. +We will not release Ruby 2.6.11 even if a security vulnerability is found (but could release if a severe regression is found). +We recommend all Ruby 2.6 users to start migration to Ruby 3.1, 3.0, or 2.7 immediately. + +## Download + +{% assign release = site.data.releases | where: "version", "2.6.10" | first %} + +* <{{ release.url.bz2 }}> + + SIZE: {{ release.size.bz2 }} + SHA1: {{ release.sha1.bz2 }} + SHA256: {{ release.sha256.bz2 }} + SHA512: {{ release.sha512.bz2 }} + +* <{{ release.url.gz }}> + + SIZE: {{ release.size.gz }} + SHA1: {{ release.sha1.gz }} + SHA256: {{ release.sha256.gz }} + SHA512: {{ release.sha512.gz }} + +* <{{ release.url.xz }}> + + SIZE: {{ release.size.xz }} + SHA1: {{ release.sha1.xz }} + SHA256: {{ release.sha256.xz }} + SHA512: {{ release.sha512.xz }} + +* <{{ release.url.zip }}> + + SIZE: {{ release.size.zip }} + SHA1: {{ release.sha1.zip }} + SHA256: {{ release.sha256.zip }} + SHA512: {{ release.sha512.zip }} + +## Release Comment + +Many committers, developers, and users who provided bug reports helped us make this release. +Thanks for their contributions. 
diff --git a/ko/news/_posts/2022-04-12-ruby-2-7-6-released.md b/ko/news/_posts/2022-04-12-ruby-2-7-6-released.md new file mode 100644 index 0000000000..d8dc847cac --- /dev/null +++ b/ko/news/_posts/2022-04-12-ruby-2-7-6-released.md 
@@ -0,0 +1,64 @@ +--- +layout: news_post +title: "Ruby 2.7.6 Released" +author: "usa and mame" +translator: +date: 2022-04-12 12:00:00 +0000 +lang: en +--- + +Ruby 2.7.6 has been released. + +This release includes a security fix. +Please check the topics below for details. + +* [CVE-2022-28739: Buffer overrun in String-to-Float conversion]({%link en/news/_posts/2022-04-12-buffer-overrun-in-string-to-float-cve-2022-28739.md %}) + +This release also includes some bug fixes. +See the [commit logs](https://github.com/ruby/ruby/compare/v2_7_5...v2_7_6) for further details. + +After this release, we end the normal maintenance phase of Ruby 2.7, and Ruby 2.7 enters the security maintenance phase. +This means that we will no longer backport any bug fixes to Ruby 2.7 except security fixes. + +The term of the security maintenance phase is scheduled for a year. +Ruby 2.7 reaches EOL and its official support ends by the end of the security maintenance phase. +Therefore, we recommend that you start to plan upgrade to Ruby 3.0 or 3.1. + +## Download + +{% assign release = site.data.releases | where: "version", "2.7.6" | first %} + +* <{{ release.url.bz2 }}> + + SIZE: {{ release.size.bz2 }} + SHA1: {{ release.sha1.bz2 }} + SHA256: {{ release.sha256.bz2 }} + SHA512: {{ release.sha512.bz2 }} + +* <{{ release.url.gz }}> + + SIZE: {{ release.size.gz }} + SHA1: {{ release.sha1.gz }} + SHA256: {{ release.sha256.gz }} + SHA512: {{ release.sha512.gz }} + +* <{{ release.url.xz }}> + + SIZE: {{ release.size.xz }} + SHA1: {{ release.sha1.xz }} + SHA256: {{ release.sha256.xz }} + SHA512: {{ release.sha512.xz }} + +* <{{ release.url.zip }}> + + SIZE: {{ release.size.zip }} + SHA1: {{ release.sha1.zip }} + SHA256: {{ release.sha256.zip }} + SHA512: {{ release.sha512.zip }} + +## Release Comment + +Many committers, developers, and users who provided bug reports helped us make this release. +Thanks for their contributions. 
+ +The maintenance of Ruby 2.7, including this release, is based on the "Agreement for the Ruby stable version" of the Ruby Association. diff --git a/ko/news/_posts/2022-04-12-ruby-3-0-4-released.md b/ko/news/_posts/2022-04-12-ruby-3-0-4-released.md new file mode 100644 index 0000000000..132ed92440 --- /dev/null +++ b/ko/news/_posts/2022-04-12-ruby-3-0-4-released.md @@ -0,0 +1,48 @@ +--- +layout: news_post +title: "Ruby 3.0.4 Released" +author: "nagachika and mame" +translator: +date: 2022-04-12 12:00:00 +0000 +lang: en +--- + +Ruby 3.0.4 has been released. + +This release includes security fixes. +Please check the topics below for details. + +* [CVE-2022-28738: Double free in Regexp compilation]({%link en/news/_posts/2022-04-12-double-free-in-regexp-compilation-cve-2022-28738.md %}) +* [CVE-2022-28739: Buffer overrun in String-to-Float conversion]({%link en/news/_posts/2022-04-12-buffer-overrun-in-string-to-float-cve-2022-28739.md %}) + +See the [commit logs](https://github.com/ruby/ruby/compare/v3_0_3...v3_0_4) for further details. + +## Download + +{% assign release = site.data.releases | where: "version", "3.0.4" | first %} + +* <{{ release.url.gz }}> + + SIZE: {{ release.size.gz }} + SHA1: {{ release.sha1.gz }} + SHA256: {{ release.sha256.gz }} + SHA512: {{ release.sha512.gz }} + +* <{{ release.url.xz }}> + + SIZE: {{ release.size.xz }} + SHA1: {{ release.sha1.xz }} + SHA256: {{ release.sha256.xz }} + SHA512: {{ release.sha512.xz }} + +* <{{ release.url.zip }}> + + SIZE: {{ release.size.zip }} + SHA1: {{ release.sha1.zip }} + SHA256: {{ release.sha256.zip }} + SHA512: {{ release.sha512.zip }} + +## Release Comment + +Many committers, developers, and users who provided bug reports helped us make this release. +Thanks for their contributions. diff --git a/ko/news/_posts/2022-04-12-ruby-3-1-2-released.md b/ko/news/_posts/2022-04-12-ruby-3-1-2-released.md new file mode 100644 index 0000000000..f01141d897 --- /dev/null 
+++ b/ko/news/_posts/2022-04-12-ruby-3-1-2-released.md @@ -0,0 +1,48 @@ +--- +layout: news_post +title: "Ruby 3.1.2 Released" +author: "naruse and mame" +translator: +date: 2022-04-12 12:00:00 +0000 +lang: en +--- + +Ruby 3.1.2 has been released. + +This release includes security fixes. +Please check the topics below for details. + +* [CVE-2022-28738: Double free in Regexp compilation]({%link en/news/_posts/2022-04-12-double-free-in-regexp-compilation-cve-2022-28738.md %}) +* [CVE-2022-28739: Buffer overrun in String-to-Float conversion]({%link en/news/_posts/2022-04-12-buffer-overrun-in-string-to-float-cve-2022-28739.md %}) + +See the [commit logs](https://github.com/ruby/ruby/compare/v3_1_1...v3_1_2) for further details. + +## Download + +{% assign release = site.data.releases | where: "version", "3.1.2" | first %} + +* <{{ release.url.gz }}> + + SIZE: {{ release.size.gz }} + SHA1: {{ release.sha1.gz }} + SHA256: {{ release.sha256.gz }} + SHA512: {{ release.sha512.gz }} + +* <{{ release.url.xz }}> + + SIZE: {{ release.size.xz }} + SHA1: {{ release.sha1.xz }} + SHA256: {{ release.sha256.xz }} + SHA512: {{ release.sha512.xz }} + +* <{{ release.url.zip }}> + + SIZE: {{ release.size.zip }} + SHA1: {{ release.sha1.zip }} + SHA256: {{ release.sha256.zip }} + SHA512: {{ release.sha512.zip }} + +## Release Comment + +Many committers, developers, and users who provided bug reports helped us make this release. +Thanks for their contributions. From fe1832a966ebb40bddc07c37e93c9f7daf350987 Mon Sep 17 00:00:00 2001 From: Shia Date: Sun, 1 Jan 2023 11:16:12 +0900 Subject: [PATCH 2/5] Translate "CVE-2022-28739: Buffer overrun in String-to-Float conversion" --- ...errun-in-string-to-float-cve-2022-28739.md | 38 +++++++++---------- 1 file changed, 19 insertions(+), 19 deletions(-) 
diff --git a/ko/news/_posts/2022-04-12-buffer-overrun-in-string-to-float-cve-2022-28739.md b/ko/news/_posts/2022-04-12-buffer-overrun-in-string-to-float-cve-2022-28739.md index 2fb26a02c5..8d70e62526 100644 --- a/ko/news/_posts/2022-04-12-buffer-overrun-in-string-to-float-cve-2022-28739.md +++ b/ko/news/_posts/2022-04-12-buffer-overrun-in-string-to-float-cve-2022-28739.md 
@@ -1,35 +1,35 @@ --- layout: news_post -title: "CVE-2022-28739: Buffer overrun in String-to-Float conversion" +title: "CVE-2022-28739: String에서 Float로 변환할 때의 버퍼 오버런" author: "mame" -translator: +translator: "shia" date: 2022-04-12 12:00:00 +0000 tags: security -lang: en +lang: ko --- -A buffer-overrun vulnerability is discovered in a conversion algorithm from a String to a Float. -This vulnerability has been assigned the CVE identifier [CVE-2022-28739](https://nvd.nist.gov/vuln/detail/CVE-2022-28739). -We strongly recommend upgrading Ruby. +String에서 Float로 변환하는 알고리즘에서 버퍼 오버런 취약점이 발견되었습니다. +이 취약점은 CVE 번호 [CVE-2022-28739](https://nvd.nist.gov/vuln/detail/CVE-2022-28739)로 등록되었습니다. +Ruby를 갱신하는 것을 강력히 권장합니다. -## Details +## 세부 내용 -Due to a bug in an internal function that converts a String to a Float, some conversion methods like `Kernel#Float` and `String#to_f` could cause buffer over-read. -A typical consequence is a process termination due to segmentation fault, but under limited circumstances, it may be exploitable for illegal memory read. +String에서 Float로 변환하는 내부 함수의 버그로 인해, `Kernel#Float`와 `Sting#to_f` 등의 몇몇 메서드가 버퍼를 과도하게 읽어 들일 수 있습니다. +일반적으로는 세그먼트 폴트가 발생해 프로세스가 종료됩니다만, 제한된 환경에서 범위 밖의 메모리를 읽기 위해 악용될 수 있습니다. -Please update Ruby to 2.6.10, 2.7.6, 3.0.4, or 3.1.2. +Ruby를 2.6.10, 2.7.6, 3.0.4, or 3.1.2로 갱신해 주세요. -## Affected versions +## 해당 버전 -* ruby 2.6.9 or prior -* ruby 2.7.5 or prior -* ruby 3.0.3 or prior -* ruby 3.1.1 or prior +* Ruby 2.6.9 이하 +* Ruby 2.7.5 이하 +* Ruby 3.0.3 이하 +* Ruby 3.1.1 이하 -## Credits +## 도움을 준 사람 -Thanks to [piao](https://hackerone.com/piao?type=user) for discovering this issue. +이 문제를 발견해 준 [piao](https://hackerone.com/piao?type=user)에게 감사를 표합니다. -## History +## 수정 이력 -* Originally published at 2022-04-12 12:00:00 (UTC) +* 2022-04-12 12:00:00 (UTC) 최초 공개 From 5b39cf5663b2700f49693a0f0b8c5836062e99b9 Mon Sep 17 00:00:00 2001 
From: Shia Date: Sun, 1 Jan 2023 11:36:17 +0900 Subject: [PATCH 3/5] Translate "CVE-2022-28738: Double free in Regexp compilation" --- ...ee-in-regexp-compilation-cve-2022-28738.md | 36 +++++++++---------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/ko/news/_posts/2022-04-12-double-free-in-regexp-compilation-cve-2022-28738.md b/ko/news/_posts/2022-04-12-double-free-in-regexp-compilation-cve-2022-28738.md index 9aecdec3d1..6aaf13e243 100644 --- a/ko/news/_posts/2022-04-12-double-free-in-regexp-compilation-cve-2022-28738.md +++ b/ko/news/_posts/2022-04-12-double-free-in-regexp-compilation-cve-2022-28738.md 
@@ -1,35 +1,35 @@ --- layout: news_post -title: "CVE-2022-28738: Double free in Regexp compilation" +title: "CVE-2022-28738: 정규표현식 컴파일에서의 중복 할당 해제" author: "mame" -translator: +translator: "shia" date: 2022-04-12 12:00:00 +0000 tags: security -lang: en +lang: ko --- -A double-free vulnerability is discovered in Regexp compilation. -This vulnerability has been assigned the CVE identifier [CVE-2022-28738](https://nvd.nist.gov/vuln/detail/CVE-2022-28738). -We strongly recommend upgrading Ruby. +정규표현식 컴파일 중에 중복 할당 해제 취약점이 발견되었습니다. +이 취약점은 CVE 번호 [CVE-2022-28738](https://nvd.nist.gov/vuln/detail/CVE-2022-28738)로 등록되었습니다. +Ruby를 갱신하는 것을 강력히 권장합니다. -## Details +## 세부 내용 -Due to a bug in the Regexp compilation process, creating a Regexp object with a crafted source string could cause the same memory to be freed twice. This is known as a "double free" vulnerability. -Note that, in general, it is considered unsafe to create and use a Regexp object generated from untrusted input. In this case, however, following a comprehensive assessment, we treat this issue as a vulnerability. +정규표현식 컴파일 처리의 버그로 인해, 특정 조건을 만족하는 문자열을 사용해 Regexp 객체를 생성하면 같은 메모리를 두 번 할당 해제할 가능성이 있습니다. 이는 "중복 할당 해제" 취약점으로 알려져 있습니다. +일반적으로는 신뢰할 수 없는 입력으로부터 정규표현식을 생성하는 것은 안전하지 않다고 여겨집니다. 하지만 이번 문제의 경우 종합적으로 판단한 결과, 취약점으로서 취급하기로 했습니다. -Please update Ruby to 3.0.4, or 3.1.2. +Ruby를 3.0.4, or 3.1.2로 갱신해 주세요. -## Affected versions +## 해당 버전 -* ruby 3.0.3 or prior -* ruby 3.1.1 or prior +* Ruby 3.0.3 이하 +* Ruby 3.1.1 이하 -Note that ruby 2.6 series and 2.7 series are not affected. +Ruby 2.6과 2.7은 영향을 받지 않습니다. -## Credits +## 도움을 준 사람 -Thanks to [piao](https://hackerone.com/piao?type=user) for discovering this issue. +이 문제를 발견해 준 [piao](https://hackerone.com/piao?type=user)에게 감사를 표합니다. -## History +## 수정 이력 -* Originally published at 2022-04-12 12:00:00 (UTC) +* 2022-04-12 12:00:00 (UTC) 최초 공개 From 826167d03219eba011f99084c110ef0e91e4c9d4 Mon Sep 17 00:00:00 2001 
From: Shia Date: Sun, 1 Jan 2023 11:50:22 +0900 Subject: [PATCH 4/5] Translate 2.6.10, 2.7.6, 3.0.4, 3.1.2 released --- .../_posts/2022-04-12-ruby-2-6-10-released.md | 32 +++++++-------- .../_posts/2022-04-12-ruby-2-7-6-released.md | 39 +++++++++---------- .../_posts/2022-04-12-ruby-3-0-4-released.md | 26 ++++++------- .../_posts/2022-04-12-ruby-3-1-2-released.md | 26 ++++++------- 4 files changed, 61 insertions(+), 62 deletions(-) diff --git a/ko/news/_posts/2022-04-12-ruby-2-6-10-released.md b/ko/news/_posts/2022-04-12-ruby-2-6-10-released.md index 2f24f2d5ee..8b46ea6107 100644 --- a/ko/news/_posts/2022-04-12-ruby-2-6-10-released.md +++ b/ko/news/_posts/2022-04-12-ruby-2-6-10-released.md 
@@ -1,27 +1,27 @@ --- layout: news_post -title: "Ruby 2.6.10 Released" +title: "Ruby 2.6.10 릴리스" author: "usa and mame" -translator: +translator: "shia" date: 2022-04-12 12:00:00 +0000 -lang: en +lang: ko --- -Ruby 2.6.10 has been released. +Ruby 2.6.10이 릴리스되었습니다. -This release includes a security fix. -Please check the topics below for details. +이 릴리스는 보안 수정을 포함합니다. +자세한 사항은 아래 글을 확인해 보세요. -* [CVE-2022-28739: Buffer overrun in String-to-Float conversion]({%link en/news/_posts/2022-04-12-buffer-overrun-in-string-to-float-cve-2022-28739.md %}) +* [CVE-2022-28739: String에서 Float로 변환할 때의 버퍼 오버런]({%link ko/news/_posts/2022-04-12-buffer-overrun-in-string-to-float-cve-2022-28739.md %}) -This release also includes a fix of a build problem with very old compilers and a fix of a regression of date library. -See the [commit logs](https://github.com/ruby/ruby/compare/v2_6_9...v2_6_10) for further details. +이 릴리스는 매우 오래된 컴파일러로 빌드할 때의 문제 수정과 date 라이브러리의 회귀 버그 수정을 포함합니다. +자세한 사항은 [커밋 로그](https://github.com/ruby/ruby/compare/v2_6_9...v2_6_10)를 확인해 주세요. -After this release, Ruby 2.6 reaches EOL. In other words, this is expected to be the last release of Ruby 2.6 series. -We will not release Ruby 2.6.11 even if a security vulnerability is found (but could release if a severe regression is found). -We recommend all Ruby 2.6 users to start migration to Ruby 3.1, 3.0, or 2.7 immediately. +이 릴리스로 Ruby 2.6은 EOL이 됩니다. 다르게 말하면, Ruby 2.6 시리즈의 마지막 릴리스가 될 예정입니다. +보안 취약점이 발견되더라도 2.6.11은 릴리스되지 않을 것입니다. (심각한 회귀 버그가 발생하는 경우는 예외입니다.) +모든 Ruby 2.6 사용자는 Ruby 3.1, 3.0, 2.7로 즉시 업그레이드하기 바랍니다. -## Download +## 다운로드 {% assign release = site.data.releases | where: "version", "2.6.10" | first %} 
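Review bot: in the 2.6.10 hunk, the line "이 릴리스는 매우 오래된 컴파일러로 빌드할 때의 문제 수정과 date 라이브러리의 회귀 버그 수정을 포함합니다." drops the "also" of "This release also includes ...", so the Korean no longer signals that these fixes are in addition to the CVE-2022-28739 fix listed just above it; suggest "이 릴리스는 또한 ... 수정을 포함합니다." or "... 회귀 버그 수정도 포함합니다." so the security fix stays the headline item of the release note.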
@@ -53,7 +53,7 @@ We recommend all Ruby 2.6 users to start migration to Ruby 3.1, 3.0, or 2.7 imme SHA256: {{ release.sha256.zip }} SHA512: {{ release.sha512.zip }} -## Release Comment +## 릴리스 코멘트 -Many committers, developers, and users who provided bug reports helped us make this release. -Thanks for their contributions. +많은 커미터, 개발자, 버그를 보고해 준 사용자들이 이 릴리스를 만드는 데 도움을 주었습니다. +그들의 기여에 감사드립니다. diff --git a/ko/news/_posts/2022-04-12-ruby-2-7-6-released.md b/ko/news/_posts/2022-04-12-ruby-2-7-6-released.md index d8dc847cac..f1606ac3af 100644 --- a/ko/news/_posts/2022-04-12-ruby-2-7-6-released.md +++ b/ko/news/_posts/2022-04-12-ruby-2-7-6-released.md 
@@ -1,30 +1,29 @@ --- layout: news_post -title: "Ruby 2.7.6 Released" +title: "Ruby 2.7.6 릴리스" author: "usa and mame" -translator: +translator: "shia" date: 2022-04-12 12:00:00 +0000 -lang: en +lang: ko --- -Ruby 2.7.6 has been released. +Ruby 2.7.6이 릴리스되었습니다. -This release includes a security fix. -Please check the topics below for details. +이 릴리스는 보안 수정을 포함합니다. +자세한 사항은 아래 글을 확인해 보세요. -* [CVE-2022-28739: Buffer overrun in String-to-Float conversion]({%link en/news/_posts/2022-04-12-buffer-overrun-in-string-to-float-cve-2022-28739.md %}) +* [CVE-2022-28739: String에서 Float로 변환할 때의 버퍼 오버런]({%link ko/news/_posts/2022-04-12-buffer-overrun-in-string-to-float-cve-2022-28739.md %}) -This release also includes some bug fixes. -See the [commit logs](https://github.com/ruby/ruby/compare/v2_7_5...v2_7_6) for further details. +이 릴리스는 몇몇 버그 수정을 포함합니다. +자세한 사항은 [커밋 로그](https://github.com/ruby/ruby/compare/v2_7_5...v2_7_6)를 확인해 주세요. -After this release, we end the normal maintenance phase of Ruby 2.7, and Ruby 2.7 enters the security maintenance phase. -This means that we will no longer backport any bug fixes to Ruby 2.7 except security fixes. +이 릴리스 이후로 Ruby 2.7은 일반 유지보수 단계가 종료되고, 보안 유지보수 단계가 됩니다. +즉, 보안 수정을 제외한 버그 수정은 Ruby 2.7으로 백포트되지 않습니다. +보안 유지보수 단계의 기간은 1년으로 계획되어 있습니다. +이 기간이 끝나면 Ruby 2.7의 공식 지원도 종료됩니다. +그러므로 Ruby 3.0이나 3.1으로 업그레이드할 계획을 세우기 바랍니다. -The term of the security maintenance phase is scheduled for a year. -Ruby 2.7 reaches EOL and its official support ends by the end of the security maintenance phase. -Therefore, we recommend that you start to plan upgrade to Ruby 3.0 or 3.1. - -## Download +## 다운로드 {% assign release = site.data.releases | where: "version", "2.7.6" | first %} 
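Review bot: in the 2.7.6 hunk, the translation folds "The term of the security maintenance phase ..." into the preceding paragraph (the header change from 30 to 29 lines is that lost blank line) and drops "Ruby 2.7 reaches EOL" from "이 기간이 끝나면 Ruby 2.7의 공식 지원도 종료됩니다."; keep the paragraph break and the EOL statement (for example "... 공식 지원도 종료되어 EOL이 됩니다."), since the EOL point is the actionable fact for users planning the upgrade. "이 릴리스는 몇몇 버그 수정을 포함합니다." also loses the "also" of "This release also includes some bug fixes."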
@@ -56,9 +55,9 @@ Therefore, we recommend that you start to plan upgrade to Ruby 3.0 or 3.1. SHA256: {{ release.sha256.zip }} SHA512: {{ release.sha512.zip }} -## Release Comment +## 릴리스 코멘트 -Many committers, developers, and users who provided bug reports helped us make this release. -Thanks for their contributions. +많은 커미터, 개발자, 버그를 보고해 준 사용자들이 이 릴리스를 만드는 데 도움을 주었습니다. +그들의 기여에 감사드립니다. -The maintenance of Ruby 2.7, including this release, is based on the "Agreement for the Ruby stable version" of the Ruby Association. +이 릴리스를 포함한 Ruby 2.7의 유지보수는 Ruby Association의 "Ruby 안정 버전에 관한 협의"에 기반해 이루어집니다. diff --git a/ko/news/_posts/2022-04-12-ruby-3-0-4-released.md b/ko/news/_posts/2022-04-12-ruby-3-0-4-released.md index 132ed92440..2766691245 100644 --- a/ko/news/_posts/2022-04-12-ruby-3-0-4-released.md +++ b/ko/news/_posts/2022-04-12-ruby-3-0-4-released.md 
@@ -1,23 +1,23 @@ --- layout: news_post -title: "Ruby 3.0.4 Released" +title: "Ruby 3.0.4 릴리스" author: "nagachika and mame" -translator: +translator: "shia" date: 2022-04-12 12:00:00 +0000 -lang: en +lang: ko --- -Ruby 3.0.4 has been released. +Ruby 3.0.4가 릴리스되었습니다. -This release includes security fixes. -Please check the topics below for details. +이 릴리스는 보안 수정을 포함합니다. +자세한 사항은 아래 글을 확인해보세요. -* [CVE-2022-28738: Double free in Regexp compilation]({%link en/news/_posts/2022-04-12-double-free-in-regexp-compilation-cve-2022-28738.md %}) -* [CVE-2022-28739: Buffer overrun in String-to-Float conversion]({%link en/news/_posts/2022-04-12-buffer-overrun-in-string-to-float-cve-2022-28739.md %}) +* [CVE-2022-28738: 정규표현식 컴파일에서의 중복 할당 해제]({%link ko/news/_posts/2022-04-12-double-free-in-regexp-compilation-cve-2022-28738.md %}) +* [CVE-2022-28739: String에서 Float로 변환할 때의 버퍼 오버런]({%link ko/news/_posts/2022-04-12-buffer-overrun-in-string-to-float-cve-2022-28739.md %}) -See the [commit logs](https://github.com/ruby/ruby/compare/v3_0_3...v3_0_4) for further details. +자세한 사항은 [커밋 로그](https://github.com/ruby/ruby/compare/v3_0_3...v3_0_4)를 확인해주세요. -## Download +## 다운로드 {% assign release = site.data.releases | where: "version", "3.0.4" | first %} @@ -42,7 +42,7 @@ See the [commit logs](https://github.com/ruby/ruby/compare/v3_0_3...v3_0_4) for SHA256: {{ release.sha256.zip }} SHA512: {{ release.sha512.zip }} -## Release Comment +## 릴리스 코멘트 -Many committers, developers, and users who provided bug reports helped us make this release. -Thanks for their contributions. +많은 커미터, 개발자, 버그를 보고해 준 사용자들이 이 릴리스를 만드는 데 도움을 주었습니다. +그들의 기여에 감사드립니다. diff --git a/ko/news/_posts/2022-04-12-ruby-3-1-2-released.md b/ko/news/_posts/2022-04-12-ruby-3-1-2-released.md index f01141d897..347825886d 100644 --- a/ko/news/_posts/2022-04-12-ruby-3-1-2-released.md +++ b/ko/news/_posts/2022-04-12-ruby-3-1-2-released.md 
@@ -1,23 +1,23 @@ --- layout: news_post -title: "Ruby 3.1.2 Released" +title: "Ruby 3.1.2 릴리스" author: "naruse and mame" -translator: +translator: "shia" date: 2022-04-12 12:00:00 +0000 -lang: en +lang: ko --- -Ruby 3.1.2 has been released. +Ruby 3.1.2가 릴리스되었습니다. -This release includes security fixes. -Please check the topics below for details. +이 릴리스는 보안 수정을 포함합니다. +자세한 사항은 아래 글을 확인해보세요. -* [CVE-2022-28738: Double free in Regexp compilation]({%link en/news/_posts/2022-04-12-double-free-in-regexp-compilation-cve-2022-28738.md %}) -* [CVE-2022-28739: Buffer overrun in String-to-Float conversion]({%link en/news/_posts/2022-04-12-buffer-overrun-in-string-to-float-cve-2022-28739.md %}) +* [CVE-2022-28738: 정규표현식 컴파일에서의 중복 할당 해제]({%link ko/news/_posts/2022-04-12-double-free-in-regexp-compilation-cve-2022-28738.md %}) +* [CVE-2022-28739: String에서 Float로 변환할 때의 버퍼 오버런]({%link ko/news/_posts/2022-04-12-buffer-overrun-in-string-to-float-cve-2022-28739.md %}) -See the [commit logs](https://github.com/ruby/ruby/compare/v3_1_1...v3_1_2) for further details. +자세한 사항은 [커밋 로그](https://github.com/ruby/ruby/compare/v3_1_1...v3_1_2)를 확인해주세요. -## Download +## 다운로드 {% assign release = site.data.releases | where: "version", "3.1.2" | first %} @@ -42,7 +42,7 @@ See the [commit logs](https://github.com/ruby/ruby/compare/v3_1_1...v3_1_2) for SHA256: {{ release.sha256.zip }} SHA512: {{ release.sha512.zip }} -## Release Comment +## 릴리스 코멘트 -Many committers, developers, and users who provided bug reports helped us make this release. -Thanks for their contributions. +많은 커미터, 개발자, 버그를 보고해 준 사용자들이 이 릴리스를 만드는 데 도움을 주었습니다. +그들의 기여에 감사드립니다. From a6f684f997f4709a2b45fc012265c644299d3d4d Mon Sep 17 00:00:00 2001 
From: Shia Date: Tue, 10 Jan 2023 07:05:46 +0900 Subject: [PATCH 5/5] Apply suggestions from code review Co-authored-by: Chayoung You --- ...-12-buffer-overrun-in-string-to-float-cve-2022-28739.md | 2 +- ...-12-double-free-in-regexp-compilation-cve-2022-28738.md | 4 ++-- ko/news/_posts/2022-04-12-ruby-2-6-10-released.md | 2 +- ko/news/_posts/2022-04-12-ruby-2-7-6-released.md | 7 ++++--- 4 files changed, 8 insertions(+), 7 deletions(-) diff --git a/ko/news/_posts/2022-04-12-buffer-overrun-in-string-to-float-cve-2022-28739.md b/ko/news/_posts/2022-04-12-buffer-overrun-in-string-to-float-cve-2022-28739.md index 8d70e62526..9f93e2c1d7 100644 --- a/ko/news/_posts/2022-04-12-buffer-overrun-in-string-to-float-cve-2022-28739.md +++ b/ko/news/_posts/2022-04-12-buffer-overrun-in-string-to-float-cve-2022-28739.md @@ -17,7 +17,7 @@ Ruby를 갱신하는 것을 강력히 권장합니다. String에서 Float로 변환하는 내부 함수의 버그로 인해, `Kernel#Float`와 `Sting#to_f` 등의 몇몇 메서드가 버퍼를 과도하게 읽어 들일 수 있습니다. 일반적으로는 세그먼트 폴트가 발생해 프로세스가 종료됩니다만, 제한된 환경에서 범위 밖의 메모리를 읽기 위해 악용될 수 있습니다. -Ruby를 2.6.10, 2.7.6, 3.0.4, or 3.1.2로 갱신해 주세요. +Ruby를 2.6.10, 2.7.6, 3.0.4, 3.1.2로 갱신해 주세요. ## 해당 버전 diff --git a/ko/news/_posts/2022-04-12-double-free-in-regexp-compilation-cve-2022-28738.md b/ko/news/_posts/2022-04-12-double-free-in-regexp-compilation-cve-2022-28738.md index 6aaf13e243..2811e845d3 100644 --- a/ko/news/_posts/2022-04-12-double-free-in-regexp-compilation-cve-2022-28738.md +++ b/ko/news/_posts/2022-04-12-double-free-in-regexp-compilation-cve-2022-28738.md @@ -17,14 +17,14 @@ Ruby를 갱신하는 것을 강력히 권장합니다. 정규표현식 컴파일 처리의 버그로 인해, 특정 조건을 만족하는 문자열을 사용해 Regexp 객체를 생성하면 같은 메모리를 두 번 할당 해제할 가능성이 있습니다. 이는 "중복 할당 해제" 취약점으로 알려져 있습니다. 일반적으로는 신뢰할 수 없는 입력으로부터 정규표현식을 생성하는 것은 안전하지 않다고 여겨집니다. 하지만 이번 문제의 경우 종합적으로 판단한 결과, 취약점으로서 취급하기로 했습니다. -Ruby를 3.0.4, or 3.1.2로 갱신해 주세요. +Ruby를 3.0.4, 3.1.2로 갱신해 주세요. ## 해당 버전 * Ruby 3.0.3 이하 * Ruby 3.1.1 이하 -Ruby 2.6과 2.7은 영향을 받지 않습니다. +Ruby 2.6과 2.7 버전대는 영향을 받지 않습니다. ## 도움을 준 사람 
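Review bot: the context line "`Kernel#Float`와 `Sting#to_f` 등의 몇몇 메서드가 ..." in the CVE-2022-28739 hunk still carries the misspelled identifier `Sting#to_f` (introduced in PATCH 2/5); since this patch is already editing that paragraph, correct it to `String#to_f` here, because readers search advisories by method name and the English source names `String#to_f`. In the same paragraph, "세그먼트 폴트" for "segmentation fault" would more conventionally be "세그멘테이션 폴트".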
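Review bot: in the CVE-2022-28738 hunk, the context line "특정 조건을 만족하는 문자열을 사용해 Regexp 객체를 생성하면" renders "a crafted source string" as "a string meeting certain conditions", which loses the attacker-controlled framing that the following sentence about untrusted input relies on; suggest "조작된 문자열" or "특수하게 만들어진 문자열". The change from "2.6과 2.7은" to "2.6과 2.7 버전대는" is correct and matches the "series" wording of the English source.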
diff --git a/ko/news/_posts/2022-04-12-ruby-2-6-10-released.md b/ko/news/_posts/2022-04-12-ruby-2-6-10-released.md index 8b46ea6107..4ec1c20993 100644 --- a/ko/news/_posts/2022-04-12-ruby-2-6-10-released.md +++ b/ko/news/_posts/2022-04-12-ruby-2-6-10-released.md @@ -17,7 +17,7 @@ Ruby 2.6.10이 릴리스되었습니다. 이 릴리스는 매우 오래된 컴파일러로 빌드할 때의 문제 수정과 date 라이브러리의 회귀 버그 수정을 포함합니다. 자세한 사항은 [커밋 로그](https://github.com/ruby/ruby/compare/v2_6_9...v2_6_10)를 확인해 주세요. -이 릴리스로 Ruby 2.6은 EOL이 됩니다. 다르게 말하면, Ruby 2.6 시리즈의 마지막 릴리스가 될 예정입니다. +이 릴리스로 Ruby 2.6은 EOL이 됩니다. 다르게 말하면, Ruby 2.6 버전대의 마지막 릴리스가 될 예정입니다. 보안 취약점이 발견되더라도 2.6.11은 릴리스되지 않을 것입니다. (심각한 회귀 버그가 발생하는 경우는 예외입니다.) 모든 Ruby 2.6 사용자는 Ruby 3.1, 3.0, 2.7로 즉시 업그레이드하기 바랍니다. diff --git a/ko/news/_posts/2022-04-12-ruby-2-7-6-released.md b/ko/news/_posts/2022-04-12-ruby-2-7-6-released.md index f1606ac3af..0760f4a62b 100644 --- a/ko/news/_posts/2022-04-12-ruby-2-7-6-released.md +++ b/ko/news/_posts/2022-04-12-ruby-2-7-6-released.md @@ -18,10 +18,11 @@ Ruby 2.7.6이 릴리스되었습니다. 자세한 사항은 [커밋 로그](https://github.com/ruby/ruby/compare/v2_7_5...v2_7_6)를 확인해 주세요. 이 릴리스 이후로 Ruby 2.7은 일반 유지보수 단계가 종료되고, 보안 유지보수 단계가 됩니다. -즉, 보안 수정을 제외한 버그 수정은 Ruby 2.7으로 백포트되지 않습니다. +즉, 보안 수정을 제외한 버그 수정은 Ruby 2.7로 백포트되지 않습니다. + 보안 유지보수 단계의 기간은 1년으로 계획되어 있습니다. -이 기간이 끝나면 Ruby 2.7의 공식 지원도 종료됩니다. -그러므로 Ruby 3.0이나 3.1으로 업그레이드할 계획을 세우기 바랍니다. +이 기간이 끝나면 Ruby 2.7의 공식 지원도 종료되어 EOL이 됩니다. +그러므로 Ruby 3.0이나 3.1로 업그레이드할 계획을 세우기 바랍니다. ## 다운로드
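Review bot: the spacing of the auxiliary verb is inconsistent across the PATCH 4/5 release-note hunks: the 2.6.10 and 2.7.6 files use "확인해 보세요" and "확인해 주세요", while the 3.0.4 and 3.1.2 files use "확인해보세요" and "확인해주세요"; pick one form (the spaced form already used in two of the four files) and apply it to all four posts in this series.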