[Secure-testing-commits] r56519 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sun Oct 8 14:49:06 UTC 2017


Author: carnil
Date: 2017-10-08 14:49:06 +0000 (Sun, 08 Oct 2017)
New Revision: 56519

Modified:
   data/CVE/list
Log:
Add fixing version for ruby2.3 in unstable

The package was proped-up to unstable at 9.2 point release time.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-10-08 14:32:32 UTC (rev 56518)
+++ data/CVE/list	2017-10-08 14:49:06 UTC (rev 56519)
@@ -2904,7 +2904,7 @@
 	RESERVED
 CVE-2017-14064 (Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can ...)
 	{DSA-3966-1 DLA-1114-1}
-	- ruby2.3 <unfixed> (bug #873906)
+	- ruby2.3 2.3.3-1+deb9u1 (bug #873906)
 	- ruby2.1 <removed>
 	- ruby1.9.1 <removed>
 	NOTE: https://bugs.ruby-lang.org/issues/13853
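Review bot: The fixed version recorded on the ruby2.3 line for CVE-2017-14064 has upstream part 2.3.3, which lies inside the affected range quoted in the description ("2.3.x through 2.3.4"), so the entry is only correct if 2.3.3-1+deb9u1 carries a backported patch. The reason a +deb9u1 version appears on the unbranched line is given only in the commit log; a NOTE line in this entry saying the fix is a backport that reached unstable with the 9.2 point release would keep that context next to the data.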
@@ -15474,7 +15474,7 @@
 	NOT-FOR-US: Synology Photo Station
 CVE-2015-9096 (Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection ...)
 	{DSA-3966-1}
-	- ruby2.3 <unfixed> (bug #864860)
+	- ruby2.3 2.3.3-1+deb9u1 (bug #864860)
 	- ruby2.1 <removed>
 	[jessie] - ruby2.1 <no-dsa> (Minor issue)
 	- ruby1.9.1 <removed>
@@ -40614,7 +40614,7 @@
 	RESERVED
 CVE-2017-0902 (RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking ...)
 	{DSA-3966-1}
-	- ruby2.3 <unfixed> (bug #873802)
+	- ruby2.3 2.3.3-1+deb9u1 (bug #873802)
 	- ruby2.1 <removed>
 	- ruby1.9.1 <removed>
 	[wheezy] - ruby1.9.1 <not-affected> (Vulnerable code introduced later)
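Review bot: The ruby2.3 line for CVE-2017-0902 points at bug #873802, the same bug referenced on the changed lines for CVE-2017-0901, CVE-2017-0900 and CVE-2017-0899, and all four are marked fixed in 2.3.3-1+deb9u1 in one step. Since a single bug covers four distinct RubyGems issues, it is worth confirming against the upload's changelog that each of the four is addressed in that version before the <unfixed> markers are dropped together.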
@@ -40626,7 +40626,7 @@
 	NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
 CVE-2017-0901 (RubyGems version 2.6.12 and earlier fails to validate specification ...)
 	{DSA-3966-1 DLA-1114-1 DLA-1112-1}
-	- ruby2.3 <unfixed> (bug #873802)
+	- ruby2.3 2.3.3-1+deb9u1 (bug #873802)
 	- ruby2.1 <removed>
 	- ruby1.9.1 <removed>
 	- rubygems <removed>
@@ -40636,7 +40636,7 @@
 	NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
 CVE-2017-0900 (RubyGems version 2.6.12 and earlier is vulnerable to maliciously ...)
 	{DSA-3966-1 DLA-1114-1 DLA-1112-1}
-	- ruby2.3 <unfixed> (bug #873802)
+	- ruby2.3 2.3.3-1+deb9u1 (bug #873802)
 	- ruby2.1 <removed>
 	- ruby1.9.1 <removed>
 	- rubygems <removed>
@@ -40646,7 +40646,7 @@
 	NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
 CVE-2017-0899 (RubyGems version 2.6.12 and earlier is vulnerable to maliciously ...)
 	{DSA-3966-1 DLA-1114-1}
-	- ruby2.3 <unfixed> (unimportant; bug #873802)
+	- ruby2.3 2.3.3-1+deb9u1 (unimportant; bug #873802)
 	- ruby2.1 <removed> (unimportant)
 	- ruby1.9.1 <removed> (unimportant)
 	- rubygems <removed> (unimportant)
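Review bot: The ruby2.3 line for CVE-2017-0899 keeps the "unimportant" tag while the entry is listed under {DSA-3966-1 DLA-1114-1}, and it is the only one of the seven changed lines that carries a severity tag. Please confirm the tag is still intended now that a fixed version is recorded; if so, no change is needed here.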
@@ -48864,7 +48864,7 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/a7bb158b7bedd1449a34432feb3a67c8f1873bfa
 CVE-2016-7798 (The openssl gem for Ruby uses the same initialization vector (IV) in ...)
 	{DSA-3966-1}
-	- ruby2.3 <unfixed> (bug #842432)
+	- ruby2.3 2.3.3-1+deb9u1 (bug #842432)
 	- ruby2.1 <removed> (bug #842544)
 	[jessie] - ruby2.1 <no-dsa> (Minor issue)
 	NOTE: https://github.com/ruby/openssl/issues/49



