[Secure-testing-commits] r34772 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Jun 6 18:16:35 UTC 2015
Author: carnil
Date: 2015-06-06 18:16:35 +0000 (Sat, 06 Jun 2015)
New Revision: 34772
Modified:
data/CVE/list
Log:
Try to reflect the CVEs CVE-2015-441{0,1,2} for ruby-bson
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-06-06 17:32:34 UTC (rev 34771)
+++ data/CVE/list 2015-06-06 18:16:35 UTC (rev 34772)
@@ -1,19 +1,16 @@
CVE-2015-4412 [ruby-bson: DoS and possible injection, with durran 2013-04-07 commit]
- - ruby-bson <unfixed>
- NOTE: Introduced by: https://github.com/mongodb/bson-ruby/commit/21141c78d99f23d5f34d32010557ef19d0f77203#diff-8c8558c185bbb548ccb5a6d6ac4bfee5L219
- NOTE: Fix: https://github.com/mongodb/mongo-ruby-driver/commit/bb544c2f6fd62940f04ddc1abeeaa3f23c1a9ade (1.x-stable)
- NOTE: http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
- NOTE: https://sources.debian.net/src/ruby-bson/1.10.0-1/lib/bson/types/object_id.rb/#L54
- NOTE: http://www.openwall.com/lists/oss-security/2015/06/06/1
- TODO: check
+ - ruby-bson <not-affected> (corresponding change in ruby-bson not present)
+ NOTE: Originating from https://github.com/mongodb/bson-ruby/commit/21141c78d99f23d5f34d32010557ef19d0f77203#diff-8c8558c185bbb548ccb5a6d6ac4bfee5L219
CVE-2015-4411 [ruby-bson: DoS and possible injection, with bernerdschaefer 2012-04-17 commit]
- - ruby-bson <unfixed>
+ - ruby-bson <not-affected> (corresponding change in ruby-bson not present)
NOTE: https://github.com/mongoid/moped/commit/dd5a7c14b5d2e466f7875d079af71ad19774609b#diff-3b93602f64c2fe46d38efd9f73ef5358R24
- TODO: check in which version problematic fix applied
CVE-2015-4410 [ruby-bson: DoS and possible injection]
- ruby-bson <unfixed>
NOTE: "original" implementation of legal? using ^[0-9a-f]{24}$ regular expression
- NOTE: check
+ NOTE: Fix: https://github.com/mongodb/mongo-ruby-driver/commit/bb544c2f6fd62940f04ddc1abeeaa3f23c1a9ade (1.x-stable)
+ NOTE: http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
+ NOTE: https://sources.debian.net/src/ruby-bson/1.10.0-1/lib/bson/types/object_id.rb/#L54
+ NOTE: http://www.openwall.com/lists/oss-security/2015/06/06/1
CVE-2015-4338
NOT-FOR-US: WordPress plugin xclonerbackupandrestore
CVE-2015-4337
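Review bot: In the CVE-2015-4411 entry the package line changes to `<not-affected>` and the TODO about which version carried the problematic change is dropped, but the only NOTE left links to a mongoid/moped commit and nothing says where that code is tracked. Consider adding an "Originating from" NOTE like the one added for CVE-2015-4412, so the reason for `<not-affected>` is readable from the entry itself. For CVE-2015-4410, which stays `<unfixed>`, the NOTE quoting `^[0-9a-f]{24}$` would be clearer if it said that `^` and `$` match at line boundaries in Ruby, and the removed "NOTE: check" could be replaced by a TODO for the fixed version, since the Fix link points only at the 1.x-stable branch of mongo-ruby-driver.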