[Secure-testing-commits] r35253 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Jun 30 19:34:52 UTC 2015
Author: carnil
Date: 2015-06-30 19:34:51 +0000 (Tue, 30 Jun 2015)
New Revision: 35253
Modified:
data/CVE/list
Log:
Add information for CVE-2015-4020 for incomplete fix for CVE-2015-3900
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-06-30 19:23:59 UTC (rev 35252)
+++ data/CVE/list 2015-06-30 19:34:51 UTC (rev 35253)
@@ -2482,8 +2482,20 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/05/20/1
CVE-2015-4023
RESERVED
-CVE-2015-4020
+CVE-2015-4020 [Issue introduced by commit 6bbee35, incomplete fix]
RESERVED
+ - rubygems <not-affected> (Affects versions between 2.0 and 2.4.6 and incomplete fix not applied)
+ - libgems-ruby <not-affected> (Affects versions between 2.0 and 2.4.6 and incomplete fix not applied)
+ - ruby1.8 <not-affected> (Vulnerable code not present)
+ - ruby1.9.1 <not-affected> (Bundles 1.8.23, vulnerable code introduced in later 1.9.1 versions; incomplete fix not applied)
+ - ruby2.1 <not-affected> (Incomplete fix not applied)
+ - ruby2.2 <not-affected> (Incomplete fix not applied)
+ - jruby <not-affected> (Incomplete fix not applied)
+
+ NOTE: Original patch (https://github.com/rubygems/rubygems/commit/6bbee35)
+ NOTE: introduced another vulnerability, assigned CVE-2015-4020. So this
+ NOTE: only applies if 6bbee35 was applied only.
+ NOTE: https://github.com/rubygems/rubygems/commit/5c7bfb5
CVE-2015-4019
RESERVED
CVE-2015-4018 (SQL injection vulnerability in feedwordpresssyndicationpage.class.php ...)
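Review bot: In the added NOTE block, "only applies if 6bbee35 was applied only" is ambiguous, and the last NOTE gives the 5c7bfb5 URL without saying what that commit is. Suggest stating directly that CVE-2015-4020 affects only trees that carry 6bbee35 without a later correction, and labelling 5c7bfb5 with its role (it reads as the follow-up fix, but the entry does not say so). The reason strings for rubygems and libgems-ruby also combine an affected version range ("between 2.0 and 2.4.6") with "incomplete fix not applied" under <not-affected>; it would be clearer to say that the packaged version never carried 6bbee35, so the range is not mistaken for the reason. Finally, the bare "+" line between the jruby entry and the NOTE lines puts a blank line inside the entry, unlike the neighbouring entries in this hunk; consider dropping it.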