[Secure-testing-commits] r58741 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Dec 20 21:15:49 UTC 2017
Author: carnil
Date: 2017-12-20 21:15:49 +0000 (Wed, 20 Dec 2017)
New Revision: 58741
Modified:
data/CVE/list
Log:
Add CVE-2017-17790/ruby
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-20 21:10:12 UTC (rev 58740)
+++ data/CVE/list 2017-12-20 21:15:49 UTC (rev 58741)
@@ -107,7 +107,14 @@
CVE-2017-17791
RESERVED
CVE-2017-17790 (The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 ...)
- TODO: check
+ - ruby2.5 <unfixed>
+ - ruby2.3 <unfixed>
+ [stretch] - ruby2.3 <postponed> (Minor issue, can be fixed along in future DSA)
+ - ruby2.1 <removed>
+ [jessie] - ruby2.1 <postponed> (Minor issue, can be fixed along in future DSA)
+ - ruby1.9.1 <removed>
+ - ruby1.8 <removed>
+ NOTE: https://github.com/ruby/ruby/pull/1777
CVE-2017-17783 (In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage ...)
TODO: check
CVE-2017-17782 (In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ...)
More information about the Secure-testing-commits
mailing list