[Git][security-tracker-team/security-tracker][master] CVE-2018-12029 and CVE-2017-16355 for passenger fixed in unstable

Salvatore Bonaccorso carnil at debian.org
Tue Mar 19 15:11:24 GMT 2019 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b523c506 by Salvatore Bonaccorso at 2019-03-19T15:10:52Z
CVE-2018-12029 and CVE-2017-16355 for passenger fixed in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -44702,7 +44702,7 @@ CVE-2018-12030 (Chevereto Free before 1.0.13 has XSS. ...)
 	NOT-FOR-US: Chevereto Free
 CVE-2018-12029 (A race condition in the nginx module in Phusion Passenger 3.x through  ...)
 	{DLA-1399-1}
-	- passenger <unfixed> (bug #921767; unimportant)
+	- passenger 5.0.30-1.1 (bug #921767; unimportant)
 	- ruby-passenger <removed> (unimportant)
 	NOTE: https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
 	NOTE: https://github.com/phusion/passenger/commit/207870f5b7f5cc240587ab0977d6046782ae1d86 (release-5.3.2)
@@ -81716,7 +81716,7 @@ CVE-2017-16357 (In radare 2.0.1, a memory corruption vulnerability exists in sto
 CVE-2017-16356 (Reflected XSS in Kubik-Rubik SIGE (aka Simple Image Gallery Extended)  ...)
 	NOT-FOR-US: Kubik-Rubik SIGE
 CVE-2017-16355 (In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed ...)
-	- passenger <unfixed> (bug #884463)
+	- passenger 5.0.30-1.1 (bug #884463)
 	- ruby-passenger <removed>
 	[jessie] - ruby-passenger <no-dsa> (Minor issue)
 	[wheezy] - ruby-passenger <not-affected> (Vulnerable code introduced later)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b523c50686633de51ed21bd3168c4106ec3e4f4f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b523c50686633de51ed21bd3168c4106ec3e4f4f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190319/0e567b5d/attachment.html>

More information about the debian-security-tracker-commits mailing list