[Git][security-tracker-team/security-tracker][master] Add CVE-2018-16395/ruby

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d92c47d3 by Salvatore Bonaccorso at 2018-10-26T06:24:43Z
Add CVE-2018-16395/ruby

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5524,8 +5524,14 @@ CVE-2018-16397 (In LimeSurvey before 3.14.7, an admin user can leverage a "
 	- limesurvey <itp> (bug #472802)
 CVE-2018-16396
 	RESERVED
-CVE-2018-16395
+CVE-2018-16395 [OpenSSL::X509::Name equality check does not work correctly]
 	RESERVED
+	- ruby-openssl <unfixed>
+	- ruby2.5 <unfixed>
+	- ruby2.3 <removed>
+	- ruby2.1 <removed>
+	NOTE: https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/
+	NOTE: https://github.com/ruby/openssl/commit/f653cfa43f0f20e8c440122ea982382b6228e7f5
 CVE-2018-16394
 	RESERVED
 CVE-2018-16393 (Several buffer overflows when handling responses from a Gemsafe V1 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d92c47d30e5b24709f6607197547bb4797e294fc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d92c47d30e5b24709f6607197547bb4797e294fc
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181026/ae5b0c45/attachment.html>