[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2018-1000088/ruby-doorkeeper fixed already, but not closed

Sun Aug 26 14:12:04 BST 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
497a8a7d by Salvatore Bonaccorso at 2018-08-26T13:11:06Z
CVE-2018-1000088/ruby-doorkeeper fixed already, but not closed

- - - - -
a2d45bee by Salvatore Bonaccorso at 2018-08-26T13:11:06Z
CVE-2018-1000211/ruby-doorkeeper fixed with 4.4.2-1 in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4478,7 +4478,7 @@ CVE-2018-14038
 CVE-2018-14037
 	RESERVED
 CVE-2018-1000211 (Doorkeeper version 4.2.0 and later contains a Incorrect Access Control ...)
-	- ruby-doorkeeper <unfixed> (bug #903980)
+	- ruby-doorkeeper 4.4.2-1 (bug #903980)
 	NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/891
 	NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/1119
 	NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/1031
@@ -22075,7 +22075,7 @@ CVE-2018-1000089 (Anymail django-anymail version version 0.2 through 1.3 contain
 	[stretch] - django-anymail <ignored> (Minor issue; non-free/contrib not security supported)
 	NOTE: https://github.com/anymail/django-anymail/commit/1a6086f2b58478d71f89bf27eb034ed81aefe5ef
 CVE-2018-1000088 (Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting ...)
-	- ruby-doorkeeper <unfixed> (bug #891069)
+	- ruby-doorkeeper 4.3.1-1 (bug #891069)
 	NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/969
 	NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/970
 CVE-2018-1000087 (WolfCMS version version 0.8.3.1 contains a Reflected Cross Site ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/f3033351a8a2b382043bc3f85749bb85d68f1848...a2d45beeeaae36d4128692164cc0f21f64ee492c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/f3033351a8a2b382043bc3f85749bb85d68f1848...a2d45beeeaae36d4128692164cc0f21f64ee492c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180826/ee08d92a/attachment.html>
