[Secure-testing-commits] r35121 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Jun 23 17:34:58 UTC 2015
Author: carnil
Date: 2015-06-23 17:34:58 +0000 (Tue, 23 Jun 2015)
New Revision: 35121
Modified:
data/CVE/list
Log:
Mark CVE-2015-4410/ruby-bson as no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-06-23 17:22:19 UTC (rev 35120)
+++ data/CVE/list 2015-06-23 17:34:58 UTC (rev 35121)
@@ -1110,6 +1110,7 @@
CVE-2015-4410 [ruby-bson: DoS and possible injection]
RESERVED
- ruby-bson <unfixed> (bug #787951)
+ [jessie] - ruby-bson <no-dsa> (Minor issue)
NOTE: "original" implementation of legal? using ^[0-9a-f]{24}$ regular expression
NOTE: Fix: https://github.com/mongodb/mongo-ruby-driver/commit/bb544c2f6fd62940f04ddc1abeeaa3f23c1a9ade (1.x-stable)
NOTE: http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
More information about the Secure-testing-commits
mailing list