[Git][security-tracker-team/security-tracker][master] Mark CVE-2016-10522/ruby-rails-admin as no-dsa
Salvatore Bonaccorso
carnil at debian.org
Mon Jul 22 21:09:32 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f0137748 by Salvatore Bonaccorso at 2019-07-22T20:09:05Z
Mark CVE-2016-10522/ruby-rails-admin as no-dsa
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -96839,7 +96839,9 @@ CVE-2016-10523 (MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically cra
NOTE: https://nodesecurity.io/advisories/75
CVE-2016-10522 (rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request fo ...)
- ruby-rails-admin <removed> (bug #903855)
+ [stretch] - ruby-rails-admin <no-dsa> (Minor issue; has regression potential)
NOTE: https://github.com/sferik/rails_admin/commit/b13e879eb93b661204e9fb5e55f7afa4f397537a
+ NOTE: Regression: https://github.com/sferik/rails_admin/issues/2830
CVE-2016-10521 (jshamcrest is vulnerable to regular expression denial of service (ReDo ...)
NOT-FOR-US: jshamcrest
CVE-2016-10520 (jadedown is vulnerable to regular expression denial of service (ReDoS) ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f0137748ec80d55fb69401178d8e4983ab75b4a0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f0137748ec80d55fb69401178d8e4983ab75b4a0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190722/af78c277/attachment.html>
More information about the debian-security-tracker-commits
mailing list