[Secure-testing-commits] r50305 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Mon Apr 3 18:04:58 UTC 2017


Author: carnil
Date: 2017-04-03 18:04:58 +0000 (Mon, 03 Apr 2017)
New Revision: 50305

Modified:
   data/CVE/list
Log:
Update CVE-2017-6181

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-03 17:41:22 UTC (rev 50304)
+++ data/CVE/list	2017-04-03 18:04:58 UTC (rev 50305)
@@ -3480,8 +3480,11 @@
 CVE-2017-6182 (In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the ...)
 	NOT-FOR-US: Sophos
 CVE-2017-6181 (The parse_char_class function in regparse.c in the Onigmo (aka ...)
+	- ruby2.3 <not-affected> (Introduced in v2_4_0_rc1)
+	- ruby2.1 <not-affected> (Introduced in v2_4_0_rc1)
+	NOTE: Introduced by: https://github.com/ruby/ruby/commit/2873edeafb6f6df1fc99bb9b1167591b99dd378c
+	NOTE: Fixed by: https://github.com/ruby/ruby/commit/ea940cc4dcff8d6c345d7015eda0bf06671f87e9
 	NOTE: https://bugs.ruby-lang.org/issues/13234
-	TODO: check, if affects ruby versions other than 2.4
 CVE-2017-6180 (Keekoon KK002 devices 1.8.12 HD have a Cross Site Request Forgery ...)
 	NOT-FOR-US: Keekoon KK002 devices
 CVE-2017-6179
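
Review bot: With the TODO under CVE-2017-6181 removed, the entry carries only <not-affected> lines for ruby2.3 and ruby2.1, so nothing records the status of the series that the reason "Introduced in v2_4_0_rc1" marks as affected. If a ruby2.4 source package is in the archive, add a package line for it next to the two new ones, with either the fixed version or an unfixed marker. The CVE description also names Onigmo, so a short NOTE saying whether a separately packaged Onigmo was checked would preserve what the removed TODO was tracking.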



