[Secure-testing-commits] r35835 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Aug 2 06:09:28 UTC 2015
Author: carnil
Date: 2015-08-02 06:09:24 +0000 (Sun, 02 Aug 2015)
New Revision: 35835
Modified:
data/CVE/list
Log:
Add new ruby-sidekiq issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-08-02 06:03:38 UTC (rev 35834)
+++ data/CVE/list 2015-08-02 06:09:24 UTC (rev 35835)
@@ -1,3 +1,22 @@
+CVE-2015-XXXX [Sidekiq::Web lacks CSRF protection]
+ - ruby-sidekiq <unfixed>
+ NOTE: https://github.com/mperham/sidekiq/pull/2422
+ NOTE: Fixed by https://github.com/mperham/sidekiq/commit/cf3c43b2410c4573e05ac119494e41115f4140ad
+ NOTE: Fix released in sidekiq 3.4.2
+ NOTE: Follow-up fix: https://github.com/mperham/sidekiq/commit/75a3524c919857aac16e0541b0cb107f48d00694
+ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/01/2
+CVE-2015-XXXX [XSS via job arguments display class in Sidekiq::Web]
+ - ruby-sidekiq <unfixed>
+ NOTE: https://github.com/mperham/sidekiq/pull/2309
+ NOTE: Fixed by https://github.com/mperham/sidekiq/commit/54766f336620ca0ce3b0b87a7a56382496e64b61
+ NOTE: Fix released in sidekiq 3.4.0
+ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/01/2
+CVE-2015-XXXX [XSS via queue name in Sidekiq::Web]
+ - ruby-sidekiq <unfixed>
+ NOTE: https://github.com/mperham/sidekiq/issues/2330
+ NOTE: Fixed by https://github.com/mperham/sidekiq/commit/2178d66b6686fbf4430223c34c184a64c9906828
+ NOTE: Fix released in sidekiq 3.4.0
+ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/01/2
CVE-2015-XXXX [Integer overflow in SCSI generic driver]
- linux <unfixed>
- linux-2.6 <removed>
More information about the Secure-testing-commits
mailing list