[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2018-100007{3, 4, 5, 6, 7, 8, 9}/ruby2.5 fixed in unstable
Salvatore Bonaccorso
carnil at debian.org
Sun Feb 25 08:14:39 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
52acfb9a by Salvatore Bonaccorso at 2018-02-25T09:14:10+01:00
CVE-2018-100007{3,4,5,6,7,8,9}/ruby2.5 fixed in unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -544,7 +544,7 @@ CVE-2018-1000080
RESERVED
CVE-2018-1000079 [Path traversal issue during gem installation allows to write to arbitrary filesystem locations]
RESERVED
- - ruby2.5 <unfixed>
+ - ruby2.5 2.5.0-5
- ruby2.3 <unfixed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
@@ -555,7 +555,7 @@ CVE-2018-1000079 [Path traversal issue during gem installation allows to write t
NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000078 [XSS vulnerability in homepage attribute when displayed via gem server]
RESERVED
- - ruby2.5 <unfixed>
+ - ruby2.5 2.5.0-5
- ruby2.3 <unfixed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
@@ -565,7 +565,7 @@ CVE-2018-1000078 [XSS vulnerability in homepage attribute when displayed via gem
NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000077 [Missing URL validation on spec home attribute allows malicious gem to set an invalid homepage URL]
RESERVED
- - ruby2.5 <unfixed>
+ - ruby2.5 2.5.0-5
- ruby2.3 <unfixed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
@@ -575,7 +575,7 @@ CVE-2018-1000077 [Missing URL validation on spec home attribute allows malicious
NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000076 [Improper verification of signatures in tarball allows to install mis-signed gem]
RESERVED
- - ruby2.5 <unfixed>
+ - ruby2.5 2.5.0-5
- ruby2.3 <unfixed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
@@ -585,7 +585,7 @@ CVE-2018-1000076 [Improper verification of signatures in tarball allows to insta
NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000075 [Infinite loop vulnerability due to negative size in tar header causes Denial of Service]
RESERVED
- - ruby2.5 <unfixed>
+ - ruby2.5 2.5.0-5
- ruby2.3 <unfixed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
@@ -595,7 +595,7 @@ CVE-2018-1000075 [Infinite loop vulnerability due to negative size in tar header
NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000074 [Unsafe Object Deserialization Vulnerability in gem owner allowing arbitrary code execution on specially crafted YAML]
RESERVED
- - ruby2.5 <unfixed>
+ - ruby2.5 2.5.0-5
- ruby2.3 <unfixed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
@@ -605,7 +605,7 @@ CVE-2018-1000074 [Unsafe Object Deserialization Vulnerability in gem owner allow
NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000073 [Path traversal when writing to a symlinked basedir outside of the root]
RESERVED
- - ruby2.5 <unfixed>
+ - ruby2.5 2.5.0-5
- ruby2.3 <unfixed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/52acfb9a8d1d3fc14528ebbc6404cd2c650efcf7
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/52acfb9a8d1d3fc14528ebbc6404cd2c650efcf7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180225/1e74b993/attachment.html>
More information about the Secure-testing-commits
mailing list