[Secure-testing-commits] r34599 - data/CVE

Thorsten Alteholz alteholz at moszumanska.debian.org
Sat May 30 18:17:52 UTC 2015


Author: alteholz
Date: 2015-05-30 18:17:52 +0000 (Sat, 30 May 2015)
New Revision: 34599

Modified:
   data/CVE/list
Log:
added notes to other open ruby CVEs in squeeze

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-05-30 18:12:00 UTC (rev 34598)
+++ data/CVE/list	2015-05-30 18:17:52 UTC (rev 34599)
@@ -62304,7 +62304,7 @@
 	- linux <not-affected> (Vulnerable code introduced in 3.3)
 CVE-2012-4466 (Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 ...)
 	- ruby1.9.1 1.9.3.194-2 (low; bug #689075)
-	[squeeze] - ruby1.9.1 <no-dsa> (Minor issue)
+	[squeeze] - ruby1.9.1 <not-affected> (Minor issue, please recheck)
 CVE-2012-4465 (Heap-based buffer overflow in the substr function in parsing.c in cgit ...)
 	- cgit <not-affected> (Fixed before the initial upload into the archive)
 CVE-2012-4464 (Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows ...)
@@ -78059,7 +78059,7 @@
 	- ruby1.9 <removed> (low; bug #646020)
 	[lenny] - ruby1.9 <no-dsa> (Minor issue)
 	- ruby1.9.1 <removed> (low; bug #646020)
-	[squeeze] - ruby1.9.1 <no-dsa> (Minor issue)
+	[squeeze] - ruby1.9.1 <no-dsa> (Minor issue, there seems to be no patch upstream)
 	[wheezy] - ruby1.9.1 <no-dsa> (Minor issue)
 CVE-2011-3623 (Multiple stack-based buffer overflows in VideoLAN VLC media player ...)
 	- vlc 1.1.3-1
@@ -85880,7 +85880,7 @@
 	[squeeze] - ruby1.8 <no-dsa> (Minor issue)
 	- ruby1.9 <removed> (bug #615519)
 	[lenny] - ruby1.9 <no-dsa> (Minor issue)
-	[squeeze] - ruby1.9 <no-dsa> (Minor issue)
+	[squeeze] - ruby1.9 <no-dsa> (Minor issue, patch would change behaviour and might break things)
 	- ruby1.9.1 1.9.2.180-1 (bug #615519)
 CVE-2011-1003 (Double free vulnerability in the vba_read_project_strings function in ...)
 	- clamav 0.97+dfsg-1 (low)




More information about the Secure-testing-commits mailing list