[Git][security-tracker-team/security-tracker][master] take ruby2.3
Moritz Muehlenhoff
jmm at debian.org
Tue Apr 9 18:40:16 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6843fff2 by Moritz Muehlenhoff at 2019-04-09T17:39:38Z
take ruby2.3
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -7222,6 +7222,7 @@ CVE-2019-8325 [Escape sequence injection vulnerability in errors]
NOTE: https://bugs.ruby-lang.org/attachments/7670 (for 2.5.3)
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
+ NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
CVE-2019-8324 [Installing a malicious gem may lead to arbitrary code execution]
RESERVED
{DLA-1735-1}
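Review bot: The commit NOTE added for CVE-2019-8325 does not say which release or branch the commit applies to, while the attachment NOTE three lines above it is qualified with "(for 2.5.3)". Consider appending a similar qualifier so that readers can tell which reference matches which codebase.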
@@ -7234,6 +7235,8 @@ CVE-2019-8324 [Installing a malicious gem may lead to arbitrary code execution]
NOTE: https://bugs.ruby-lang.org/attachments/7670 (for 2.5.3)
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
+ NOTE: https://github.com/rubygems/rubygems/commit/00ff3037a577889bd1e555966d9e0d17bea8d28d
+ NOTE: https://github.com/rubygems/rubygems/commit/be3ad330cd1d7403389a3cc53a68b95a0a2b6491
CVE-2019-8323 [Escape sequence injection vulnerability in API response handling]
RESERVED
{DLA-1735-1}
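Review bot: The two commit NOTEs added for CVE-2019-8324 give no indication of how they relate, so a reader cannot tell whether both are required for the fix or whether one is a follow-up to the other. A short parenthetical on each line would settle that.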
@@ -7282,6 +7285,7 @@ CVE-2019-8320 [Delete directory using symlink when decompressing tar]
NOTE: https://bugs.ruby-lang.org/attachments/7670 (for 2.5.3)
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
+ NOTE: Patch needs further work: https://github.com/rubygems/rubygems/pull/2722
CVE-2019-8319 (An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1 ...)
NOT-FOR-US: D-Link
CVE-2019-8318 (An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1 ...)
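Review bot: The "Patch needs further work" NOTE added for CVE-2019-8320 does not say which patch is meant (the bugs.ruby-lang.org attachment listed above it or another one) or what is still missing. A few words on the open problem would let readers judge the existing patch without having to read through the pull request.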
=====================================
data/dsa-needed.txt
=====================================
@@ -41,13 +41,13 @@ linux
Wait until more issues have piled up
--
mercurial
-
+--
nss
Roberto proposed an update including fixes for CVE-2018-12404 and CVE-2018-18508
--
rails
--
-ruby2.3
+ruby2.3 (jmm)
--
simplesamlphp
--
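Review bot: The change under mercurial, which replaces the lone "-" with the "--" separator, is unrelated to claiming ruby2.3 and is not mentioned in the commit message "take ruby2.3". Mention it in the message or commit it separately so the separator fix is visible in the history.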
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6843fff2f29ea40b02f7e98aa9915ea49aabe9a7