[Secure-testing-commits] r34770 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Jun 6 17:32:22 UTC 2015
Author: carnil
Date: 2015-06-06 17:32:22 +0000 (Sat, 06 Jun 2015)
New Revision: 34770
Modified:
data/CVE/list
Log:
Add three CVEs for ruby-bson
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-06-06 14:57:03 UTC (rev 34769)
+++ data/CVE/list 2015-06-06 17:32:22 UTC (rev 34770)
@@ -1,8 +1,16 @@
-CVE-2015-XXXX [ruby-bson: DoS and possible injection]
+CVE-2015-4412 [ruby-bson: DoS and possible injection, with durran 2013-04-07 commit]
- ruby-bson <unfixed>
+ NOTE: Introduced by: https://github.com/mongodb/bson-ruby/commit/21141c78d99f23d5f34d32010557ef19d0f77203#diff-8c8558c185bbb548ccb5a6d6ac4bfee5L219
+ NOTE: Fix: https://github.com/mongodb/mongo-ruby-driver/commit/bb544c2f6fd62940f04ddc1abeeaa3f23c1a9ade (1.x-stable)
NOTE: http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/06/06/1
- NOTE: https://github.com/mongodb/mongo-ruby-driver/commit/bb544c2f6fd62940f04ddc1abeeaa3f23c1a9ade (1.x-stable)
+ NOTE: https://sources.debian.net/src/ruby-bson/1.10.0-1/lib/bson/types/object_id.rb/#L54
+ NOTE: http://www.openwall.com/lists/oss-security/2015/06/06/1
+CVE-2015-4411 [ruby-bson: DoS and possible injection, with bernerdschaefer 2012-04-17 commit]
+ - ruby-bson <unfixed>
+ NOTE: https://github.com/mongoid/moped/commit/dd5a7c14b5d2e466f7875d079af71ad19774609b#diff-3b93602f64c2fe46d38efd9f73ef5358R24
+CVE-2015-4410 [ruby-bson: DoS and possible injection]
+ - ruby-bson <unfixed>
+ NOTE: "original" implementation of legal? using ^[0-9a-f]{24}$ regular expression
CVE-2015-4338
NOT-FOR-US: WordPress plugin xclonerbackupandrestore
CVE-2015-4337
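Review bot: the new CVE-2015-4410 entry has only a free-text NOTE and no reference, so the list does not show where the assignment came from or why the ^[0-9a-f]{24}$ check in legal? is a problem. Suggest repeating the oss-security link from the CVE-2015-4412 entry under both CVE-2015-4410 and CVE-2015-4411. The 4410 note should also say that in Ruby ^ and $ match at line boundaries rather than at the start and end of the string, which is why \A and \z are the anchors needed. Separately, CVE-2015-4411 is filed against ruby-bson but its only reference is a mongoid/moped commit; a NOTE naming the source package that ships that code would make the <unfixed> status checkable.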