[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] new ruby issue

Sat Mar 31 15:59:15 UTC 2018

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
293db617 by Moritz Muehlenhoff at 2018-03-31T17:58:56+02:00
new ruby issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -903,8 +903,13 @@ CVE-2018-8781
 	RESERVED
 CVE-2018-8780
 	RESERVED
-CVE-2018-8779
+CVE-2018-8779 [ruby: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket]
 	RESERVED
+	- ruby2.5 <unfixed>
+	- ruby2.3 <unfixed>
+	- ruby2.1 <removed>
+	- ruby1.9.1 <removed>
+	NOTE: https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/
 CVE-2018-8778 [ruby: Buffer under-read in String#unpack]
 	RESERVED
 	- ruby2.5 <unfixed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/293db6175dec4aa5f2ca562d8e41a599c546f5d2

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/293db6175dec4aa5f2ca562d8e41a599c546f5d2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180331/6931586d/attachment.html>
