[Secure-testing-commits] r58690 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Dec 19 12:11:14 UTC 2017
Author: carnil
Date: 2017-12-19 12:11:14 +0000 (Tue, 19 Dec 2017)
New Revision: 58690
Modified:
data/CVE/list
Log:
Sort top down entries
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-19 11:43:36 UTC (rev 58689)
+++ data/CVE/list 2017-12-19 12:11:14 UTC (rev 58690)
@@ -87,11 +87,13 @@
RESERVED
CVE-2017-17718 (The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL ...)
- ruby-net-ldap <unfixed> (bug #884693)
+ [jessie] - ruby-net-ldap <ignored> (Doc always said that there is no validation)
[wheezy] - ruby-net-ldap <ignored> (Doc always said that there is no validation)
- [jessie] - ruby-net-ldap <ignored> (Doc always said that there is no validation)
NOTE: https://github.com/ruby-ldap/ruby-net-ldap/issues/258
- NOTE: Versions < 0.10 properly acknowledge in their documentation the lack of any SSL validation, see https://sources.debian.org/src/ruby-net-ldap/0.8.0-1/lib/net/ldap.rb/#L476
- NOTE: In wheezy/jessie, only reverse dependencies are redmine (which is unsupported in wheezy) and ruby-omniauth-ldap (which has no reverse dep either).
+ NOTE: Versions < 0.10 properly acknowledge in their documentation the lack of any SSL
+ NOTE: validation, see https://sources.debian.org/src/ruby-net-ldap/0.8.0-1/lib/net/ldap.rb/#L476
+ NOTE: In wheezy/jessie, only reverse dependencies are redmine (which is unsupported in wheezy)
+ NOTE: and ruby-omniauth-ldap (which has no reverse dep either).
CVE-2017-17717 (Sonatype Nexus Repository Manager through 2.14.5 has weak password ...)
NOT-FOR-US: Sonatype Nexus
CVE-2017-17716 (GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate ...)
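Review bot: The log message says only "Sort top down entries", but in the CVE-2017-17718 block the change also rewraps the two long NOTE lines, in addition to moving the [jessie] line above [wheezy]; mention the rewrap in the log or commit it separately. The wrap breaks the first note mid-phrase ("lack of any SSL" / "validation, see ..."), so neither line reads on its own when the file is grepped; breaking before "see https://sources.debian.org/..." would keep the statement on one line and the link on the next. The <ignored> reason for jessie and wheezy ("Doc always said that there is no validation") rests on the note that versions < 0.10 document the missing validation, so recording the version shipped in each release next to that reason would make the triage decision checkable from the entry itself.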