[Secure-testing-commits] r39165 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Jan 25 20:24:38 UTC 2016
Author: carnil
Date: 2016-01-25 20:24:38 +0000 (Mon, 25 Jan 2016)
New Revision: 39165
Modified:
data/CVE/list
Log:
CVE-2015-7551/ruby2.2 fixed in unstable
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-01-25 20:18:44 UTC (rev 39164)
+++ data/CVE/list 2016-01-25 20:24:38 UTC (rev 39165)
@@ -8491,7 +8491,7 @@
- ruby2.0 <removed>
- ruby2.1 <unfixed> (bug #796344)
[jessie] - ruby2.1 <no-dsa> (Minor issue)
- - ruby2.2 <unfixed> (bug #796551)
+ - ruby2.2 2.2.4-1 (bug #796551)
NOTE: https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/
TODO: check correctness for CVE-2009-5147/CVE-2015-7551 record since affects multiple ruby versions
CVE-2015-7550 [Linux keyring subsystem race leads to null dereference]
More information about the Secure-testing-commits
mailing list