[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 3 commits: Notes/fixed by for ruby's issues: CVE-2018-6914 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780
Santiago R.R.
santiago at debian.org
Wed Apr 4 22:25:03 BST 2018
Santiago R.R. pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2fca27b8 by Santiago R.R at 2018-04-04T23:23:02+02:00
Notes/fixed by for ruby's issues: CVE-2018-6914 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780
Signed-off-by: Santiago R.R <santiagorr at riseup.net>
- - - - -
fae6a38a by Santiago R.R at 2018-04-04T23:23:44+02:00
Merge remote-tracking branch 'refs/remotes/origin/master'
- - - - -
a1bf3923 by Santiago R.R at 2018-04-04T23:24:39+02:00
Merge remote-tracking branch 'refs/remotes/origin/master'
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1304,18 +1304,26 @@ CVE-2018-8780 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.
- ruby2.1 <removed>
- ruby1.9.1 <removed>
NOTE: https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/
+ NOTE: https://hackerone.com/reports/302338
+ NOTE: Fixed by: https://github.com/ruby/ruby/commit/bd5661a3cbb38a8c3a3ea10cd76c88bbef7871b8
+ NOTE: Fixed by: https://github.com/ruby/ruby/commit/143eb22f1877815dd802f7928959c5f93d4c7bb3 (2.2.10)
CVE-2018-8779 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...)
- ruby2.5 2.5.1-1
- ruby2.3 <unfixed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
NOTE: https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/
+ NOTE: https://hackerone.com/reports/302997
+ NOTE: Fixed by: https://github.com/ruby/ruby/commit/8794dec6a5f11adc5cdd19a5ee91ea6b0816763f
+ NOTE: Fixed by: https://github.com/ruby/ruby/commit/47165eed264d357e78e27371cfef20d5c2bde5d9 (2.2.10)
CVE-2018-8778 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...)
- ruby2.5 2.5.1-1
- ruby2.3 <unfixed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
NOTE: https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/
+ NOTE: https://hackerone.com/reports/298246
+ NOTE: Fixed by: https://github.com/ruby/ruby/commit/4cd92d7b13002161a3452a0fe278b877901a8859 (2.2.10)
CVE-2018-8777 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...)
- ruby2.5 2.5.1-1
- ruby2.3 <unfixed>
@@ -6367,6 +6375,9 @@ CVE-2018-6914 (Directory traversal vulnerability in the Dir.mktmpdir method in t
- ruby2.1 <removed>
- ruby1.9.1 <removed>
NOTE: https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/
+ NOTE: https://hackerone.com/reports/302298
+ NOTE: Fixed by: https://github.com/ruby/ruby/commit/10b96900b90914b0cc1dba36f9736c038db2859d
+ NOTE: Fixed by: https://github.com/ruby/ruby/commit/e9ddf2ba41a0bffe1047e33576affd48808c5d0b (2.2.10)
CVE-2018-1000063
REJECTED
CVE-2017-18179 (Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/e1a501f8472ff24fe66c1677b58ad1564cf7baab...a1bf39232a988f00df252f9d602bccf59ef45dd3
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/e1a501f8472ff24fe66c1677b58ad1564cf7baab...a1bf39232a988f00df252f9d602bccf59ef45dd3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180404/d75e88a2/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list