[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Low prio package and low prio vulnerability. In total not worth fixing.
Ola Lundqvist
opal at debian.org
Mon Apr 9 19:48:53 BST 2018
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2187190d by Ola Lundqvist at 2018-04-09T20:48:37+02:00
Low prio package and low prio vulnerability. In total not worth fixing.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5244,6 +5244,7 @@ CVE-2018-7651 (index.js in the ssri module before 5.2.2 for Node.js is prone to
NOTE: nodejs not covered by security support
CVE-2018-1000119 (Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier ...)
- ruby-rack-protection <unfixed> (bug #892250)
+ [wheezy] - ruby-rack-protection <ignored> (Low prio package and low prio vulnerability according to RedHat)
NOTE: https://snyk.io/vuln/SNYK-RUBY-SINATRA-20470
NOTE: https://snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-20395
NOTE: https://github.com/sinatra/sinatra/commit/8aa6c42ef724f93ae309fb7c5668e19ad547eceb
=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -83,8 +83,6 @@ qemu
--
qemu-kvm
--
-ruby-rack-protection
---
ruby1.9.1 (Santiago R.R.)
NOTE: 20180402: Also vulnerable to CVE-2018-1000074. (lamby)
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2187190d75955a7389479ac17bc93e4ca39e3976
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2187190d75955a7389479ac17bc93e4ca39e3976
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180409/273f9a77/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list