[Secure-testing-commits] r36021 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Aug 12 17:48:07 UTC 2015
Author: carnil
Date: 2015-08-12 17:48:07 +0000 (Wed, 12 Aug 2015)
New Revision: 36021
Modified:
data/CVE/list
Log:
Add more note for CVE-2009-5147/ruby*
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-08-12 17:21:48 UTC (rev 36020)
+++ data/CVE/list 2015-08-12 17:48:07 UTC (rev 36021)
@@ -10217,6 +10217,9 @@
NOTE: seem to be contained in e.g. latest 1.9.1 and 2.1. E.g.
NOTE: https://sources.debian.net/src/ruby2.1/2.1.5-4/ext/dl/handle.c/#L120 does
NOTE: contain the change.
+ NOTE: In https://github.com/ruby/ruby/commit/07308c4d30b8c5260e5366c8eed2abf054d86fe7
+ NOTE: DL was replaced by Fiddle but the problem might still be present there (un-
+ NOTE: checked)
NOTE: Discussion http://seclists.org/oss-sec/2015/q3/220
TODO: check
CVE-2009-5146 [memory leak in hostname TLS extension]
More information about the Secure-testing-commits
mailing list