[Secure-testing-commits] r34772 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Jun 6 18:16:35 UTC 2015 

Author: carnil
Date: 2015-06-06 18:16:35 +0000 (Sat, 06 Jun 2015)
New Revision: 34772

Modified:
   data/CVE/list
Log:
Try to reflect the CVEs CVE-2015-441{0,1,2} for ruby-bson

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-06-06 17:32:34 UTC (rev 34771)
+++ data/CVE/list	2015-06-06 18:16:35 UTC (rev 34772)
@@ -1,19 +1,16 @@
 CVE-2015-4412 [ruby-bson: DoS and possible injection, with durran 2013-04-07 commit]
-	- ruby-bson <unfixed>
-	NOTE: Introduced by: https://github.com/mongodb/bson-ruby/commit/21141c78d99f23d5f34d32010557ef19d0f77203#diff-8c8558c185bbb548ccb5a6d6ac4bfee5L219
-	NOTE: Fix: https://github.com/mongodb/mongo-ruby-driver/commit/bb544c2f6fd62940f04ddc1abeeaa3f23c1a9ade (1.x-stable)
-	NOTE: http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
-	NOTE: https://sources.debian.net/src/ruby-bson/1.10.0-1/lib/bson/types/object_id.rb/#L54
-	NOTE: http://www.openwall.com/lists/oss-security/2015/06/06/1
-	TODO: check
+	- ruby-bson <not-affected> (corresponding change in ruby-bson not present)
+	NOTE: Originating from  https://github.com/mongodb/bson-ruby/commit/21141c78d99f23d5f34d32010557ef19d0f77203#diff-8c8558c185bbb548ccb5a6d6ac4bfee5L219
 CVE-2015-4411 [ruby-bson: DoS and possible injection, with bernerdschaefer 2012-04-17 commit]
-	- ruby-bson <unfixed>
+	- ruby-bson <not-affected> (corresponding change in ruby-bson not present)
 	NOTE: https://github.com/mongoid/moped/commit/dd5a7c14b5d2e466f7875d079af71ad19774609b#diff-3b93602f64c2fe46d38efd9f73ef5358R24
-	TODO: check in which version problematic fix applied
 CVE-2015-4410 [ruby-bson: DoS and possible injection]
 	- ruby-bson <unfixed>
 	NOTE: "original" implementation of legal? using ^[0-9a-f]{24}$ regular expression
-	NOTE: check
+	NOTE: Fix: https://github.com/mongodb/mongo-ruby-driver/commit/bb544c2f6fd62940f04ddc1abeeaa3f23c1a9ade (1.x-stable)
+	NOTE: http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
+	NOTE: https://sources.debian.net/src/ruby-bson/1.10.0-1/lib/bson/types/object_id.rb/#L54
+	NOTE: http://www.openwall.com/lists/oss-security/2015/06/06/1
 CVE-2015-4338
 	NOT-FOR-US: WordPress plugin xclonerbackupandrestore
 CVE-2015-4337

More information about the Secure-testing-commits mailing list