[Secure-testing-commits] r12579 - data/CVE

Florian Weimer fw at alioth.debian.org
Wed Aug 12 19:44:35 UTC 2009


Author: fw
Date: 2009-08-12 19:44:35 +0000 (Wed, 12 Aug 2009)
New Revision: 12579

Modified:
   data/CVE/list
Log:
CVE-2009-1904: ruby1.9 affected

We still have got Ruby 1.9, and it crashes.  Upstream talks about Ruby
1.9.1.


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-08-12 16:37:50 UTC (rev 12578)
+++ data/CVE/list	2009-08-12 19:44:35 UTC (rev 12579)
@@ -2370,7 +2370,7 @@
 	NOT-FOR-US: IBM DB2
 CVE-2009-1904 (The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 ...)
 	- ruby1.8 1.8.7.173-1 (low; bug #532689)
-	- ruby1.9 <not-affected>
+	- ruby1.9 <unfixed>
 	NOTE: http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/
 CVE-2009-1903 (The PDF XSS protection feature in ModSecurity before 2.5.8 allows ...)
 	- libapache-mod-security 2.5.9-1 
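Review bot: the new `- ruby1.9 <unfixed>` line carries no urgency or bug reference, while the ruby1.8 line directly above it has `(low; bug #532689)`. Consider adding the same severity annotation, plus a bug number once one is filed against ruby1.9, so the entry can be tracked to closure. A NOTE line recording what the log message says (the packaged Ruby 1.9 crashes, while upstream talks about Ruby 1.9.1) would also keep the reason for moving away from `<not-affected>` visible in the list itself rather than only in the commit log.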



