[Secure-testing-commits] r54700 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Sat Aug 12 20:22:23 UTC 2017
Author: jmm
Date: 2017-08-12 20:22:23 +0000 (Sat, 12 Aug 2017)
New Revision: 54700
Modified:
data/CVE/list
Log:
mark bundler as ignored
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-12 20:17:42 UTC (rev 54699)
+++ data/CVE/list 2017-08-12 20:22:23 UTC (rev 54700)
@@ -41104,8 +41104,8 @@
NOT-FOR-US: AlienVault OSSIM
CVE-2016-7954 (Bundler 1.x might allow remote attackers to inject arbitrary Ruby code ...)
- bundler <unfixed> (bug #842504)
- [stretch] - bundler <no-dsa> (Minor issue, too intrusive to backport)
- [jessie] - bundler <no-dsa> (Minor issue, too intrusive to backport)
+ [stretch] - bundler <ignored> (Minor issue, too intrusive to backport)
+ [jessie] - bundler <ignored> (Minor issue, too intrusive to backport)
[wheezy] - bundler <no-dsa> (Minor issue, too intrusive to backport)
NOTE: http://www.openwall.com/lists/oss-security/2016/10/04/5
NOTE: There is no plan (yet) from upstream to address this for bundler 1.x
More information about the Secure-testing-commits
mailing list