[Git][security-tracker-team/security-tracker][master] Reference commits for all affected branches for ruby-sprockets
Salvatore Bonaccorso
carnil at debian.org
Tue Jul 10 20:33:42 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cd729731 by Salvatore Bonaccorso at 2018-07-10T21:32:35+02:00
Reference commits for all affected branches for ruby-sprockets
Add commits for master, 3.x (3.7.2) and 2.x (2.12.5) series.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -26838,7 +26838,9 @@ CVE-2018-3760 (There is an information leak vulnerability in Sprockets. Versions
- ruby-sprockets 3.7.0-1.1 (bug #901913)
[jessie] - ruby-sprockets <not-affected> (vulnerable code not present)
NOTE: http://www.openwall.com/lists/oss-security/2018/06/19/2
- NOTE: https://github.com/rails/sprockets/commit/c09131cf5b2c479263939c8582e22b98ed616c5f
+ NOTE: https://github.com/rails/sprockets/commit/c09131cf5b2c479263939c8582e22b98ed616c5f (master)
+ NOTE: https://github.com/rails/sprockets/commit/9c34fa05900b968d74f08ccf40917848a7be9441 (3.x)
+ NOTE: https://github.com/rails/sprockets/commit/18b8a7f07a50c245e9aee7854ecdbe606bbd8bb5 (2.x)
CVE-2018-3759 (private_address_check ruby gem before 0.5.0 is vulnerable to a ...)
NOT-FOR-US: private_address_check
CVE-2018-3758 (Unrestricted file upload (RCE) in express-cart module before 1.1.7 ...)
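Review bot: the two added NOTE lines for the 3.x and 2.x backports carry only a branch label, while the commit message names the releases that contain them (3.7.2 and 2.12.5). Consider putting the release into the annotation, for example "(3.x, 3.7.2)" and "(2.x, 2.12.5)", so that someone triaging CVE-2018-3760 against a packaged version can tell from data/CVE/list alone whether the fix is included, without going back to the commit log.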
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cd7297313025aaa86446b2ff6db17864c7c9bd95