[Secure-testing-commits] r55257 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Aug 30 19:21:45 UTC 2017
Author: carnil
Date: 2017-08-30 19:21:45 +0000 (Wed, 30 Aug 2017)
New Revision: 55257
Modified:
data/CVE/list
Log:
Add new ruby(gems) issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-30 19:21:32 UTC (rev 55256)
+++ data/CVE/list 2017-08-30 19:21:45 UTC (rev 55257)
@@ -36304,14 +36304,46 @@
RESERVED
CVE-2017-0903
RESERVED
-CVE-2017-0902
+CVE-2017-0902 [DNS issue]
RESERVED
-CVE-2017-0901
+ - ruby2.3 <unfixed>
+ - ruby2.1 <removed>
+ - ruby1.9.1 <removed>
+ - rubygems <removed>
+ NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
+ NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
+ NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
+ NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
+CVE-2017-0901 [overwrite any file]
RESERVED
-CVE-2017-0900
+ - ruby2.3 <unfixed>
+ - ruby2.1 <removed>
+ - ruby1.9.1 <removed>
+ - rubygems <removed>
+ NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
+ NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
+ NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
+ NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
+CVE-2017-0900 [query command]
RESERVED
-CVE-2017-0899
+ - ruby2.3 <unfixed>
+ - ruby2.1 <removed>
+ - ruby1.9.1 <removed>
+ - rubygems <removed>
+ NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
+ NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
+ NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
+ NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
+CVE-2017-0899 [ANSI escape issue]
RESERVED
+ - ruby2.3 <unfixed>
+ - ruby2.1 <removed>
+ - ruby1.9.1 <removed>
+ - rubygems <removed>
+ NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
+ NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
+ NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
+ NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
CVE-2017-0898
RESERVED
CVE-2017-0897 (ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create ...)
More information about the Secure-testing-commits
mailing list