[Secure-testing-commits] r34771 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Jun 6 17:32:34 UTC 2015


Author: carnil
Date: 2015-06-06 17:32:34 +0000 (Sat, 06 Jun 2015)
New Revision: 34771

Modified:
   data/CVE/list
Log:
Add three CVEs for ruby-bson

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-06-06 17:32:22 UTC (rev 34770)
+++ data/CVE/list	2015-06-06 17:32:34 UTC (rev 34771)
@@ -5,12 +5,15 @@
 	NOTE: http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
 	NOTE: https://sources.debian.net/src/ruby-bson/1.10.0-1/lib/bson/types/object_id.rb/#L54
 	NOTE: http://www.openwall.com/lists/oss-security/2015/06/06/1
+	TODO: check
 CVE-2015-4411 [ruby-bson: DoS and possible injection, with bernerdschaefer 2012-04-17 commit]
 	- ruby-bson <unfixed>
 	NOTE: https://github.com/mongoid/moped/commit/dd5a7c14b5d2e466f7875d079af71ad19774609b#diff-3b93602f64c2fe46d38efd9f73ef5358R24
+	TODO: check in which version problematic fix applied
 CVE-2015-4410 [ruby-bson: DoS and possible injection]
 	- ruby-bson <unfixed>
 	NOTE: "original" implementation of legal? using ^[0-9a-f]{24}$ regular expression
+	NOTE: check
 CVE-2015-4338
 	NOT-FOR-US: WordPress plugin xclonerbackupandrestore
 CVE-2015-4337
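
Review bot: The line added under CVE-2015-4410 is tagged "NOTE: check", while the other two additions in this hunk use "TODO: check", so this open item will not show up alongside them when looking for TODO entries; it should read "TODO: check" if it is meant as a pending task. The first added "TODO: check" (after the oss-security NOTE) and this one also do not say what remains to be checked, unlike "TODO: check in which version problematic fix applied"; naming the open question in each (for example, whether the packaged ruby-bson version carries the affected legal? implementation) would make the entries actionable for whoever picks them up.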



