From 4f5d0a0d6c0238b1a57d01023e60a710ef201457 Mon Sep 17 00:00:00 2001 From: marocchino Date: Tue, 28 Mar 2023 12:37:30 +0900 Subject: [PATCH] CVE-2023-28755: reorder affected versions --- en/news/_posts/2023-03-28-redos-in-uri-cve-2023-28755.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/en/news/_posts/2023-03-28-redos-in-uri-cve-2023-28755.md b/en/news/_posts/2023-03-28-redos-in-uri-cve-2023-28755.md index 87f236d5f1..aabf37dac5 100644 --- a/en/news/_posts/2023-03-28-redos-in-uri-cve-2023-28755.md +++ b/en/news/_posts/2023-03-28-redos-in-uri-cve-2023-28755.md @@ -8,14 +8,14 @@ tags: security lang: en --- -We have released the uri gem version 0.10.0.1, 0.10.2, 0.11.1 and 0.12.1 that has a security fix for a ReDoS vulnerability. +We have released the uri gem version 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1 that has a security fix for a ReDoS vulnerability. This vulnerability has been assigned the CVE identifier [CVE-2023-28755](https://nvd.nist.gov/vuln/detail/CVE-2023-28755). ## Details A ReDoS issue was discovered in the URI component. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. -The `uri` gem version 0.10.1, 0.10.2, 0.11.0, 0.12.0, and all versions 0.10.0 and prior are vulnerable for this vulnerability. +The `uri` gem version 0.12.0, 0.11.0, 0.10.1, 0.10.0 and all versions prior 0.10.0 are vulnerable for this vulnerability. ## Recommended action @@ -32,7 +32,8 @@ You can use `gem update uri` to update it. If you are using bundler, please add * uri gem 0.12.0 * uri gem 0.11.0 -* uri gem 0.10.0 or 0.10.1 +* uri gem 0.10.1 +* uri gem 0.10.0 or before ## Credits @@ -41,3 +42,4 @@ Thanks to [Dominic Couture](https://hackerone.com/dee-see?type=user) for discove ## History * Originally published at 2023-03-28 01:00:00 (UTC) +* Update Affected versions at 2023-03-28 02:00:00 (UTC)
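Review bot: In the first hunk the reordered sentence still reads "the uri gem version 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1 that has a security fix", a singular noun and verb for four releases; suggest "the uri gem versions 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1, which have a security fix". The other changed line, "all versions prior 0.10.0 are vulnerable for this vulnerability", is missing "to" and uses an odd preposition; suggest "and all versions prior to 0.10.0 are vulnerable to this issue". This hunk also drops 0.10.2 from the vulnerable list (the old line listed it as vulnerable while the release sentence lists it as fixed), which is a correctness fix rather than a reorder, so the commit subject and the History entry should say so.

Review bot: In the second hunk the new bullets "uri gem 0.10.1" and "uri gem 0.10.0 or before" match the reordered prose, but "or before" here and "prior" in the Details paragraph describe the same range with different wording; use one phrasing (for example "0.10.0 and earlier") in both places so readers do not wonder whether the two lists differ.

Review bot: In the third hunk the history line "Update Affected versions at 2023-03-28 02:00:00 (UTC)" has a stray capital on "Affected" and does not match the tense of "Originally published" in the bullet above it; suggest "Updated the affected versions list at 2023-03-28 02:00:00 (UTC)".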