[Secure-testing-commits] r55804 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Sep 15 21:33:06 UTC 2017
Author: carnil
Date: 2017-09-15 21:33:06 +0000 (Fri, 15 Sep 2017)
New Revision: 55804
Modified:
data/CVE/list
Log:
Add CVE-2017-0898/ruby issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-15 21:29:25 UTC (rev 55803)
+++ data/CVE/list 2017-09-15 21:33:06 UTC (rev 55804)
@@ -38675,7 +38675,12 @@
NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
NOTE: Not considered a vulnerability per se, if this affects a terminal emulator it's a bug there
CVE-2017-0898 (Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a leakage of its ...)
- TODO: check
+ - ruby2.3 <unfixed>
+ - ruby2.1 <removed>
+ - ruby1.9.1 <removed>
+ - ruby1.8 <removed>
+ NOTE: https://github.com/mruby/mruby/issues/3722
+ NOTE: https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/
CVE-2017-0897 (ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create ...)
NOT-FOR-US: ExpressionEngine
CVE-2017-0896 (Zulip Server 1.5.1 and below suffer from an error in the ...)
More information about the Secure-testing-commits
mailing list