[Secure-testing-commits] r8282 - data/CVE
thijs at alioth.debian.org
thijs at alioth.debian.org
Thu Mar 6 18:53:11 UTC 2008
Author: thijs
Date: 2008-03-06 18:53:09 +0000 (Thu, 06 Mar 2008)
New Revision: 8282
Modified:
data/CVE/list
Log:
ruby issue can be exploited when used on e.g. ntfs mounted
volumes, which seems like a corner case
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-03-06 13:49:15 UTC (rev 8281)
+++ data/CVE/list 2008-03-06 18:53:09 UTC (rev 8282)
@@ -1,6 +1,9 @@
CVE-2008-XXXX [File access vulnerability of WEBrick]
- - ruby1.8 <not-affected> (bug #469475, Windows/Apple only)
- - ruby1.9 <not-affected> (bug #469482, Windows/Apple only)
+ - ruby1.8 1.8.6.114-1 (low; bug #469475)
+ - ruby1.9 <unfixed> (low; bug #469482)
+ [sarge] - ruby1.8 <no-dsa> (case insensitive FS, corner case)
+ [etch] - ruby1.8 <no-dsa> (case insensitive FS, corner case)
+ [etch] - ruby1.9 <no-dsa> (case insensitive FS, corner case)
NOTE: http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/
CVE-2008-XXXX [file disclosure in dovecot]
- dovecot <unfixed> (medium; bug #469457)
More information about the Secure-testing-commits
mailing list