[Secure-testing-commits] r56562 - data/CVE

Tue Oct 10 04:55:04 UTC 2017

Author: carnil
Date: 2017-10-10 04:55:04 +0000 (Tue, 10 Oct 2017)
New Revision: 56562

Modified:
   data/CVE/list
Log:
Add reference for rubygems issue

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-10-10 04:53:35 UTC (rev 56561)
+++ data/CVE/list	2017-10-10 04:55:04 UTC (rev 56562)
@@ -40830,6 +40830,7 @@
 	- ruby1.9.1 <removed>
 	- rubygems <removed>
 	NOTE: http://www.openwall.com/lists/oss-security/2017/10/10/2
+	NOTE: https://justi.cz/security/2017/10/07/rubygems-org-rce.html
 CVE-2017-0902 (RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking ...)
 	{DSA-3966-1}
 	- ruby2.3 2.3.3-1+deb9u1 (bug #873802)


