[Secure-testing-commits] r36265 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Aug 22 14:12:53 UTC 2015
Author: carnil
Date: 2015-08-22 14:12:52 +0000 (Sat, 22 Aug 2015)
New Revision: 36265
Modified:
data/CVE/list
Log:
Add bug reference for CVE-2009-5147/ruby2.2, #796551
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-08-22 12:30:14 UTC (rev 36264)
+++ data/CVE/list 2015-08-22 14:12:52 UTC (rev 36265)
@@ -11461,7 +11461,7 @@
- ruby1.9.1 <removed>
- ruby2.0 <removed>
- ruby2.1 <unfixed> (bug #796344)
- - ruby2.2 <not-affected> (DL has been removed in 2.2)
+ - ruby2.2 <unfixed> (bug #796551)
NOTE: https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b
NOTE: Although the is upstream commit mentioned, the corresponding change does not
NOTE: seem to be contained in e.g. latest 1.9.1 and 2.1. E.g.
@@ -11469,6 +11469,7 @@
NOTE: contain the change.
NOTE: In https://github.com/ruby/ruby/commit/07308c4d30b8c5260e5366c8eed2abf054d86fe7
NOTE: Discussion http://seclists.org/oss-sec/2015/q3/220
+ NOTE: DL has been replaced in 2.2 with Fiddle which has the same problem according to maintainer.
CVE-2009-5146 [memory leak in hostname TLS extension]
RESERVED
- openssl 0.9.8k-1
More information about the Secure-testing-commits
mailing list