[Secure-testing-commits] r57622 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue Nov 14 15:42:24 UTC 2017


Author: carnil
Date: 2017-11-14 15:42:24 +0000 (Tue, 14 Nov 2017)
New Revision: 57622

Modified:
   data/CVE/list
Log:
ruby2.3 issues fixed in unstable

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-11-14 15:38:26 UTC (rev 57621)
+++ data/CVE/list	2017-11-14 15:42:24 UTC (rev 57622)
@@ -7773,7 +7773,7 @@
 	RESERVED
 CVE-2017-14033 (The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, ...)
 	{DSA-4031-1 DLA-1114-1}
-	- ruby2.3 <unfixed> (bug #875928)
+	- ruby2.3 2.3.5-1 (bug #875928)
 	- ruby2.1 <removed>
 	- ruby1.9.1 <removed>
 	- ruby1.8 <not-affected> (vunlerable code not present)
@@ -17260,7 +17260,7 @@
 	RESERVED
 CVE-2017-10784 (The Basic authentication code in WEBrick library in Ruby before 2.2.8, ...)
 	{DSA-4031-1 DLA-1114-1 DLA-1113-1}
-	- ruby2.3 <unfixed> (bug #875931)
+	- ruby2.3 2.3.5-1 (bug #875931)
 	- ruby2.1 <removed>
 	- ruby1.9.1 <removed>
 	- ruby1.8 <removed>
@@ -45993,7 +45993,7 @@
 	NOT-FOR-US: private_address_check ruby gem
 CVE-2017-0903 (RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a ...)
 	{DSA-4031-1}
-	- ruby2.3 <unfixed> (bug #879231)
+	- ruby2.3 2.3.5-1 (bug #879231)
 	- ruby2.1 <removed>
 	- ruby1.9.1 <removed>
 	[wheezy] - ruby1.9.1 <not-affected> (Vulnerable code introduced later)
@@ -46047,7 +46047,7 @@
 	NOTE: Not considered a vulnerability per se, if this affects a terminal emulator it's a bug there
 CVE-2017-0898 (Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious ...)
 	{DSA-4031-1 DLA-1114-1 DLA-1113-1}
-	- ruby2.3 <unfixed> (bug #875936)
+	- ruby2.3 2.3.5-1 (bug #875936)
 	- ruby2.1 <removed>
 	- ruby1.9.1 <removed>
 	- ruby1.8 <removed>




More information about the Secure-testing-commits mailing list