[Secure-testing-commits] r33426 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Wed Apr 8 05:23:05 UTC 2015


Author: carnil
Date: 2015-04-08 05:23:05 +0000 (Wed, 08 Apr 2015)
New Revision: 33426

Modified:
   data/CVE/list
Log:
Add ruby-redcarpet issue

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-04-08 05:22:58 UTC (rev 33425)
+++ data/CVE/list	2015-04-08 05:23:05 UTC (rev 33426)
@@ -1,3 +1,8 @@
+CVE-2015-XXXX [ossible XSS via autolinking of untrusted markdown]
+	- ruby-redcarpet <unfixed>
+	NOTE: Fix: https://github.com/vmg/redcarpet/commit/e5a10516d07114d582d13b9125b733008c61c242
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/04/07/11
+	TODO: check possibly related gems
 CVE-2015-XXXX [DoS -- OOPS NULL pointer dereference in nf_nat_setup_info+0x471]
 	- linux 3.14.5-1 (bug #741667)
 	[wheezy] - linux <not-affected> (Introduced in 3.6)




More information about the Secure-testing-commits mailing list