[Git][security-tracker-team/security-tracker][master] CVE-2018-16471/ruby-rack proposed via stretch-pu

Wed Nov 21 07:20:02 GMT 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8a5dffce by Salvatore Bonaccorso at 2018-11-21T07:19:19Z
CVE-2018-16471/ruby-rack proposed via stretch-pu

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -7455,6 +7455,7 @@ CVE-2018-16472 (A prototype pollution attack in cached-path-relative versions &l
 	NOT-FOR-US: cached-path-relative
 CVE-2018-16471 (There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. ...)
 	- ruby-rack <unfixed> (bug #913005)
+	[stretch] - ruby-rack <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/rack/rack/commit/e5d58031b766e49687157b45edab1b8457d972bd (master)
 	NOTE: Fixed by: https://github.com/rack/rack/commit/8376dd11e6526a53432ee59b7a5d092bda9fc901 (2.0.6)
 	NOTE: Fixed by: https://github.com/rack/rack/commit/97ca63d87d88b4088fb1995b14103d4fe6a5e594 (1.6.11)


=====================================
data/next-point-update.txt
=====================================
@@ -48,3 +48,5 @@ CVE-2018-19198
 	[stretch] - uriparser 0.8.4-1+deb9u1
 CVE-2011-2767
 	[stretch] - libapache2-mod-perl2 2.0.10-2+deb9u1
+CVE-2018-16471
+	[stretch] - ruby-rack 1.6.4-4+deb9u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8a5dffce59051452f774e07cd358367097dc9b6a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8a5dffce59051452f774e07cd358367097dc9b6a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181121/d12411da/attachment.html>
