[Secure-testing-commits] r12165 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Fri Jun 19 16:54:44 UTC 2009
Author: gilbert-guest
Date: 2009-06-19 16:54:42 +0000 (Fri, 19 Jun 2009)
New Revision: 12165
Modified:
data/CVE/list
Log:
CVE-2009-1904 is low-urgency (local dos in ruby)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-06-19 11:17:59 UTC (rev 12164)
+++ data/CVE/list 2009-06-19 16:54:42 UTC (rev 12165)
@@ -471,7 +471,7 @@
CVE-2009-1905 (The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 ...)
NOT-FOR-US: IBM DB2
CVE-2009-1904 (The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 ...)
- - ruby1.8 1.8.7.173-1 (bug #532689)
+ - ruby1.8 1.8.7.173-1 (low; bug #532689)
- ruby1.9 <not-affected>
NOTE: http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/
CVE-2009-1903 (The PDF XSS protection feature in ModSecurity before 2.5.8 allows ...)
More information about the Secure-testing-commits
mailing list