[Git][security-tracker-team/security-tracker][master] Add CVE-2018-11627/ruby-sinatra

Sat Jun 2 07:16:24 BST 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c0714730 by Salvatore Bonaccorso at 2018-06-02T08:15:58+02:00
Add CVE-2018-11627/ruby-sinatra

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -98,7 +98,10 @@ CVE-2018-11629
 CVE-2018-11628 (Data input into EMS Master Calendar before 8.0.0.201805210 via URL ...)
 	TODO: check
 CVE-2018-11627 (Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs ...)
-	TODO: check
+	- ruby-sinatra <not-affected> (Vulnerable code not present)
+	NOTE: https://github.com/sinatra/sinatra/issues/1428
+	NOTE: Introduced by: https://github.com/sinatra/sinatra/commit/8f8df53ff29938ace79b31097c27d9cdac803b44
+	NOTE: Fixed by: https://github.com/sinatra/sinatra/commit/12786867d6faaceaec62c7c2cb5b0e2dc074d71a
 CVE-2018-11626 (SELA (aka SimplE Lossless Audio) v0.1.2-alpha has a stack-based buffer ...)
 	TODO: check
 CVE-2018-11625 (In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c07147308ef5fb486b4f084a7bd69677c2e233b8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c07147308ef5fb486b4f084a7bd69677c2e233b8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180602/44acee77/attachment.html>
