[Secure-testing-commits] r34773 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Jun 6 19:55:24 UTC 2015
Author: carnil
Date: 2015-06-06 19:55:24 +0000 (Sat, 06 Jun 2015)
New Revision: 34773
Modified:
data/CVE/list
Log:
Add bug reference for CVE-2015-4410, #787951
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-06-06 18:16:35 UTC (rev 34772)
+++ data/CVE/list 2015-06-06 19:55:24 UTC (rev 34773)
@@ -5,7 +5,7 @@
- ruby-bson <not-affected> (corresponding change in ruby-bson not present)
NOTE: https://github.com/mongoid/moped/commit/dd5a7c14b5d2e466f7875d079af71ad19774609b#diff-3b93602f64c2fe46d38efd9f73ef5358R24
CVE-2015-4410 [ruby-bson: DoS and possible injection]
- - ruby-bson <unfixed>
+ - ruby-bson <unfixed> (bug #787951)
NOTE: "original" implementation of legal? using ^[0-9a-f]{24}$ regular expression
NOTE: Fix: https://github.com/mongodb/mongo-ruby-driver/commit/bb544c2f6fd62940f04ddc1abeeaa3f23c1a9ade (1.x-stable)
NOTE: http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
More information about the Secure-testing-commits
mailing list