[Secure-testing-commits] r55476 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Tue Sep 5 17:23:52 UTC 2017
Author: jmm
Date: 2017-09-05 17:23:52 +0000 (Tue, 05 Sep 2017)
New Revision: 55476
Modified:
data/CVE/list
Log:
file fixed
remove two no-dsa for ruby issues that will be fixed along
one ruby issue unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-05 17:09:40 UTC (rev 55475)
+++ data/CVE/list 2017-09-05 17:23:52 UTC (rev 55476)
@@ -1,5 +1,5 @@
CVE-2017-1000249 [stack based buffer overflow]
- - file <unfixed>
+ - file 1:5.32-1
[jessie] - file <not-affected> (Vulnerable code introduced later)
[wheezy] - file <not-affected> (Vulnerable code introduced later)
NOTE: Upstream fix: https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793
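Review bot: the sid entry moves from <unfixed> to 1:5.32-1, but the record still only cites the upstream commit 35c94dc6acc418f1ad7f6241a6680e5327495793; a NOTE pointing at the Debian upload or bug that carries that commit would let a reader confirm that 1:5.32-1 actually contains the fix without chasing the changelog. The [jessie] and [wheezy] <not-affected> lines keep their "Vulnerable code introduced later" justification, which is consistent with the fix landing only in the newer stream.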
@@ -12487,7 +12487,6 @@
NOT-FOR-US: Synology Photo Station
CVE-2015-9096 (Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection ...)
- ruby2.3 <unfixed> (bug #864860)
- [stretch] - ruby2.3 <no-dsa> (Minor issue)
- ruby2.1 <removed>
[jessie] - ruby2.1 <no-dsa> (Minor issue)
- ruby1.9.1 <removed>
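Review bot: the [stretch] ruby2.3 <no-dsa> (Minor issue) line is removed while the [jessie] ruby2.1 <no-dsa> (Minor issue) line directly below it stays; the log says the no-dsa is dropped because the issue "will be fixed along", so a NOTE stating that the fix is scheduled for stretch only would stop the remaining jessie no-dsa from reading as an oversight. The ruby2.3 <unfixed> (bug #864860) line is otherwise unchanged, so the tracker now shows stretch as pending rather than deferred.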
@@ -37446,14 +37445,15 @@
NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
CVE-2017-0899 (RubyGems version 2.6.12 and earlier is vulnerable to maliciously ...)
- - ruby2.3 <unfixed> (bug #873802)
- - ruby2.1 <removed>
- - ruby1.9.1 <removed>
- - rubygems <removed>
+ - ruby2.3 <unfixed> (unimportant; bug #873802)
+ - ruby2.1 <removed> (unimportant)
+ - ruby1.9.1 <removed> (unimportant)
+ - rubygems <removed> (unimportant)
NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
+ NOTE: Not considered a vulnerability per se, if this affects a terminal emulator it's a bug there
CVE-2017-0898
RESERVED
CVE-2017-0897 (ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create ...)
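Review bot: all four package lines are retagged (unimportant), but the rationale is the single NOTE "Not considered a vulnerability per se, if this affects a terminal emulator it's a bug there", which is appended after the two rubygems patch URLs rather than next to the lines it justifies; moving it directly under the ruby2.3 <unfixed> (unimportant; bug #873802) line, or naming the behaviour it refers to instead of "this", would make the severity call self-explanatory when the entry is read in isolation. The patch NOTEs that precede it still describe the rubygems 2.6.13 fixes, so a reader may otherwise assume the unimportant marking applies to those too.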
@@ -45646,7 +45646,6 @@
NOTE: https://github.com/ImageMagick/ImageMagick/commit/a7bb158b7bedd1449a34432feb3a67c8f1873bfa
CVE-2016-7798 (The openssl gem for Ruby uses the same initialization vector (IV) in ...)
- ruby2.3 <unfixed> (bug #842432)
- [stretch] - ruby2.3 <no-dsa> (Minor issue)
- ruby2.1 <removed> (bug #842544)
[jessie] - ruby2.1 <no-dsa> (Minor issue)
NOTE: https://github.com/ruby/openssl/issues/49
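Review bot: same asymmetry as the CVE-2015-9096 hunk: the [stretch] ruby2.3 <no-dsa> (Minor issue) line is dropped while [jessie] ruby2.1 <no-dsa> (Minor issue) remains, and ruby2.3 stays <unfixed> (bug #842432); a NOTE recording that the stretch fix is planned alongside the other ruby2.3 issues would document why stretch and jessie are now handled differently.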