[Secure-testing-commits] r57158 - data/CVE
Lucas Kanashiro
kanashiro at moszumanska.debian.org
Tue Oct 31 12:19:59 UTC 2017
Author: kanashiro
Date: 2017-10-31 12:19:59 +0000 (Tue, 31 Oct 2017)
New Revision: 57158
Modified:
data/CVE/list
Log:
mark ruby1.9.1 and rubygems as not affected by CVE-2017-0903 in wheezy
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-31 12:16:28 UTC (rev 57157)
+++ data/CVE/list 2017-10-31 12:19:59 UTC (rev 57158)
@@ -44171,7 +44171,9 @@
- ruby2.3 <unfixed> (bug #879231)
- ruby2.1 <removed>
- ruby1.9.1 <removed>
+ [wheezy] - ruby1.9.1 <not-affected> (Vulnerable code introduced later)
- rubygems <removed>
+ [wheezy] - rubygems <not-affected> (Vulnerable code introduced later)
NOTE: http://www.openwall.com/lists/oss-security/2017/10/10/2
NOTE: https://justi.cz/security/2017/10/07/rubygems-org-rce.html
NOTE: Fixed by: https://github.com/rubygems/rubygems/commit/510b1638ac9bba3ceb7a5d73135dafff9e5bab49
More information about the Secure-testing-commits
mailing list