[Secure-testing-commits] r35846 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Aug 2 13:08:33 UTC 2015
Author: carnil
Date: 2015-08-02 13:08:33 +0000 (Sun, 02 Aug 2015)
New Revision: 35846
Modified:
data/CVE/list
Log:
Update information for ruby-sidekiq issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-08-02 12:13:39 UTC (rev 35845)
+++ data/CVE/list 2015-08-02 13:08:33 UTC (rev 35846)
@@ -9,14 +9,17 @@
NOTE: Fixed by https://github.com/mperham/sidekiq/commit/cf3c43b2410c4573e05ac119494e41115f4140ad
NOTE: Fix released in sidekiq 3.4.2
NOTE: Follow-up fix: https://github.com/mperham/sidekiq/commit/75a3524c919857aac16e0541b0cb107f48d00694
+ NOTE: Follow-up commit not included in 3.4.2~dfsg-1
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/01/2
CVE-2015-XXXX [XSS via job arguments display class in Sidekiq::Web]
+ [experimental] - ruby-sidekiq 3.4.2~dfsg-1
- ruby-sidekiq <unfixed>
NOTE: https://github.com/mperham/sidekiq/pull/2309
NOTE: Fixed by https://github.com/mperham/sidekiq/commit/54766f336620ca0ce3b0b87a7a56382496e64b61
NOTE: Fix released in sidekiq 3.4.0
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/01/2
CVE-2015-XXXX [XSS via queue name in Sidekiq::Web]
+ [experimental] - ruby-sidekiq 3.4.2~dfsg-1
- ruby-sidekiq <unfixed>
NOTE: https://github.com/mperham/sidekiq/issues/2330
NOTE: Fixed by https://github.com/mperham/sidekiq/commit/2178d66b6686fbf4430223c34c184a64c9906828
More information about the Secure-testing-commits
mailing list