[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2019-8320/rubygems

Salvatore Bonaccorso carnil at debian.org
Tue Mar 26 07:20:55 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9cc8c150 by Salvatore Bonaccorso at 2019-03-26T07:17:22Z
Add CVE-2019-8320/rubygems

- - - - -
49917a5f by Salvatore Bonaccorso at 2019-03-26T07:20:10Z
Add new rubygems issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4864,18 +4864,66 @@ CVE-2019-8327
 	RESERVED
 CVE-2019-8326
 	RESERVED
-CVE-2019-8325
+CVE-2019-8325 [Escape sequence injection vulnerability in errors]
 	RESERVED
-CVE-2019-8324
+	- ruby2.5 <unfixed>
+	- ruby2.3 <removed>
+	- ruby2.1 <removed>
+	- rubygems <removed>
+	- jruby <unfixed>
+	NOTE: https://bugs.ruby-lang.org/attachments/7669
+	NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
+	NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
+CVE-2019-8324 [Installing a malicious gem may lead to arbitrary code execution]
 	RESERVED
-CVE-2019-8323
+	- ruby2.5 <unfixed>
+	- ruby2.3 <removed>
+	- ruby2.1 <removed>
+	- rubygems <removed>
+	- jruby <unfixed>
+	NOTE: https://bugs.ruby-lang.org/attachments/7669
+	NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
+	NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
+CVE-2019-8323 [Escape sequence injection vulnerability in API response handling]
 	RESERVED
-CVE-2019-8322
+	- ruby2.5 <unfixed>
+	- ruby2.3 <removed>
+	- ruby2.1 <removed>
+	- rubygems <removed>
+	- jruby <unfixed>
+	NOTE: https://bugs.ruby-lang.org/attachments/7669
+	NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
+	NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
+CVE-2019-8322 [Escape sequence injection vulnerability in gem owner]
 	RESERVED
-CVE-2019-8321
+	- ruby2.5 <unfixed>
+	- ruby2.3 <removed>
+	- ruby2.1 <removed>
+	- rubygems <removed>
+	- jruby <unfixed>
+	NOTE: https://bugs.ruby-lang.org/attachments/7669
+	NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
+	NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
+CVE-2019-8321 [Escape sequence injection vulnerability in verbose]
 	RESERVED
-CVE-2019-8320
+	- ruby2.5 <unfixed>
+	- ruby2.3 <removed>
+	- ruby2.1 <removed>
+	- rubygems <removed>
+	- jruby <unfixed>
+	NOTE: https://bugs.ruby-lang.org/attachments/7669
+	NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
+	NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
+CVE-2019-8320 [Delete directory using symlink when decompressing tar]
 	RESERVED
+	- ruby2.5 <unfixed>
+	- ruby2.3 <removed>
+	- ruby2.1 <removed>
+	- rubygems <removed>
+	- jruby <unfixed>
+	NOTE: https://bugs.ruby-lang.org/attachments/7669
+	NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
+	NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
 CVE-2019-8319 (An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1 ...)
 	NOT-FOR-US: D-Link
 CVE-2019-8318 (An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1 ...)
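
Review bot: The six new entries (CVE-2019-8320 through CVE-2019-8325) all carry the same three NOTE lines, which point at one shared attachment and two advisory pages, so nothing in an individual entry identifies the upstream change that fixes that particular issue. With ruby2.5 and jruby both marked `<unfixed>`, a per-entry NOTE naming the upstream fix commit or fixed-in version would let each CVE be triaged and closed on its own, which matters most for CVE-2019-8324 (code execution on gem install) and CVE-2019-8320 (directory deletion via symlink), since they differ in impact from the four escape sequence injection issues. The `<unfixed>` lines also carry no bug reference, so consider adding one when a bug is filed against ruby2.5 and jruby.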



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/d2e701434f8480680c4d47e2370b4f670fab4b10...49917a5f165e1118321f9a18eaaf44ded72507e9
