[Secure-testing-commits] r47950 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Thu Jan 12 15:19:33 UTC 2017
Author: jmm
Date: 2017-01-12 15:19:33 +0000 (Thu, 12 Jan 2017)
New Revision: 47950
Modified:
data/CVE/list
Log:
ruby bugs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-12 15:11:46 UTC (rev 47949)
+++ data/CVE/list 2017-01-12 15:19:33 UTC (rev 47950)
@@ -35784,14 +35784,14 @@
CVE-2016-2340 (The AMF framework in Granite Data Services 3.1.1-SNAPSHOT allows ...)
NOT-FOR-US: Granite
CVE-2016-2339 (An exploitable heap overflow vulnerability exists in the ...)
- - ruby2.3 <unfixed>
+ - ruby2.3 <unfixed> (bug #851161)
- ruby2.1 <removed>
NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0034/
NOTE: Fixed by: https://github.com/ruby/ruby/commit/bcc2421b4938fc1d9f5f3fb6ef2320571b27af42
CVE-2016-2338
RESERVED
CVE-2016-2337 (Type confusion exists in _cancel_eval Ruby's TclTkIp class method. ...)
- - ruby2.3 <unfixed>
+ - ruby2.3 <unfixed> (bug #851161)
- ruby2.1 <removed>
NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0031/
TODO: check, might not be exploitable in jessie with ruby2.1, since requires cancel_eval which is supported in Tcl/Tk8.6 or later.
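Review bot: In the CVE-2016-2337 entry, the ruby2.3 line now references bug #851161, but the entry still carries no "NOTE: Fixed by:" line like the one under CVE-2016-2339, and the TODO about exploitability in jessie with ruby2.1 is left open. Consider adding the upstream fix reference once it is identified and resolving the TODO so the jessie status is not ambiguous. Both CVE-2016-2339 and CVE-2016-2337 are tied to the same bug #851161, so it is worth confirming that the single report covers both issues. The log message "ruby bugs" could also name the two CVE ids and the bug number to make the revision easier to find later.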