[Secure-testing-commits] r21494 - data/CVE

Salvatore Bonaccorso carnil at alioth.debian.org
Sun Mar 3 16:31:28 UTC 2013


Author: carnil
Date: 2013-03-03 16:31:27 +0000 (Sun, 03 Mar 2013)
New Revision: 21494

Modified:
   data/CVE/list
Log:
CVE-2013-1802 explicitly for ruby-extlib, still todo: check if crack and httparty rubygems are present in Debian, got also two separate CVEs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-03-03 16:24:22 UTC (rev 21493)
+++ data/CVE/list	2013-03-03 16:31:27 UTC (rev 21494)
@@ -990,8 +990,10 @@
 	RESERVED
 CVE-2013-1803
 	RESERVED
-CVE-2013-1802
+CVE-2013-1802 [YAML parameter parsing vulnerability] 
 	RESERVED
+	- ruby-extlib 0.9.15-3 (bug #697895)
+	- libextlib-ruby <removed> (bug #697895)
 CVE-2013-1801
 	RESERVED
 CVE-2013-1800
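
Review bot: The added `CVE-2013-1802 [YAML parameter parsing vulnerability]` header line ends with a trailing space after the closing bracket; please drop it so the line stays clean for anything that matches on the header. Separately, the log message leaves the crack and httparty check as a todo, but nothing in this entry records it. A line beside the two package entries, in the style of the `NOTE:` lines used elsewhere in this file, would keep that open item visible in the data rather than only in the commit log.
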
@@ -5318,8 +5320,6 @@
 	- rails 2.3.14.1 (bug #697722; high)
 	- ruby-activesupport-2.3 2.3.14-5 (bug #697789)
 	- ruby-activesupport-3.2 3.2.6-5 (bug #697790)
-	- ruby-extlib 0.9.15-3 (bug #697895)
-	- libextlib-ruby <removed> (bug #697895)
 	NOTE: Starting with 2.3.14.1 rails is a transition package
 	NOTE: http://www.insinuator.net/2013/01/rails-yaml/
 	NOTE: http://www.openwall.com/lists/oss-security/2013/01/08/14
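
Review bot: The two removed lines (`ruby-extlib 0.9.15-3` and `libextlib-ruby <removed>`, both bug #697895) belong to an entry whose CVE header lies above the visible context, and the log message does not name it, so the diff alone does not show which id stops tracking that bug; naming the old id in the log would make the move auditable. The reference `NOTE:` lines (insinuator.net, oss-security) stay on this entry while the new CVE-2013-1802 entry gets none, so consider adding a `NOTE:` there that points back to this entry or to the advisory that applies to ruby-extlib.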



