[Secure-testing-commits] r38239 - data/CVE

Henri Salo fgeek-guest at moszumanska.debian.org
Sat Dec 12 10:32:52 UTC 2015


Author: fgeek-guest
Date: 2015-12-12 10:32:52 +0000 (Sat, 12 Dec 2015)
New Revision: 38239

Modified:
   data/CVE/list
Log:
add ruby-mail smtp injection issue

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-12-12 10:28:34 UTC (rev 38238)
+++ data/CVE/list	2015-12-12 10:32:52 UTC (rev 38239)
@@ -1,3 +1,9 @@
+CVE-2015-XXXX [ruby-mail: SMTP injection via recipient email addresses]
+	- ruby-mail <unfixed>
+	NOTE: https://github.com/mikel/mail/commit/72befdc4dab3e6e288ce226a7da2aa474cf5be83
+	NOTE: CVE request: http://www.openwall.com/lists/oss-security/2015/12/11/3
+	NOTE: According to CVE request this issue is fixed in 2.6.0
+	TODO: check
 CVE-2015-XXXX [quassel: op command denial of service issue]
 	- quassel <unfixed>
 	NOTE: https://github.com/quassel/quassel/commit/b8edbda019eeb99da8663193e224efc9d1265dc7




More information about the Secure-testing-commits mailing list