[Git][security-tracker-team/security-tracker][master] Slightly clarify target versions for rubygems patches
Salvatore Bonaccorso
carnil at debian.org
Tue Mar 26 07:22:23 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f6d03776 by Salvatore Bonaccorso at 2019-03-26T07:21:57Z
Slightly clarify target versions for rubygems patches
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4871,7 +4871,8 @@ CVE-2019-8325 [Escape sequence injection vulnerability in errors]
- ruby2.1 <removed>
- rubygems <removed>
- jruby <unfixed>
- NOTE: https://bugs.ruby-lang.org/attachments/7669
+ NOTE: https://bugs.ruby-lang.org/attachments/7669 (for 2.4.5)
+ NOTE: https://bugs.ruby-lang.org/attachments/7670 (for 2.5.3)
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
CVE-2019-8324 [Installing a malicious gem may lead to arbitrary code execution]
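Review bot: The two added NOTE lines under CVE-2019-8325 say "(for 2.4.5)" and "(for 2.5.3)" without naming the product, while this entry lists ruby2.1, rubygems and jruby side by side, so the entry alone does not tell a reader whose version numbers these are. If they are Ruby release versions, as the bugs.ruby-lang.org host suggests, writing "(for Ruby 2.4.5)" and "(for Ruby 2.5.3)" would remove the ambiguity. The same wording applies to the other five entries this commit touches.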
@@ -4881,7 +4882,8 @@ CVE-2019-8324 [Installing a malicious gem may lead to arbitrary code execution]
- ruby2.1 <removed>
- rubygems <removed>
- jruby <unfixed>
- NOTE: https://bugs.ruby-lang.org/attachments/7669
+ NOTE: https://bugs.ruby-lang.org/attachments/7669 (for 2.4.5)
+ NOTE: https://bugs.ruby-lang.org/attachments/7670 (for 2.5.3)
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
CVE-2019-8323 [Escape sequence injection vulnerability in API response handling]
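Review bot: In the CVE-2019-8324 entry the context line "- jruby <unfixed>" still has no patch pointer after this change, because both added NOTE lines reference attachments on bugs.ruby-lang.org that are tied to 2.4.5 and 2.5.3. If either attachment is known to be usable for jruby, or known not to be, a further NOTE saying so would help whoever picks up the jruby fix.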
@@ -4891,7 +4893,8 @@ CVE-2019-8323 [Escape sequence injection vulnerability in API response handling]
- ruby2.1 <removed>
- rubygems <removed>
- jruby <unfixed>
- NOTE: https://bugs.ruby-lang.org/attachments/7669
+ NOTE: https://bugs.ruby-lang.org/attachments/7669 (for 2.4.5)
+ NOTE: https://bugs.ruby-lang.org/attachments/7670 (for 2.5.3)
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
CVE-2019-8322 [Escape sequence injection vulnerability in gem owner]
@@ -4901,7 +4904,8 @@ CVE-2019-8322 [Escape sequence injection vulnerability in gem owner]
- ruby2.1 <removed>
- rubygems <removed>
- jruby <unfixed>
- NOTE: https://bugs.ruby-lang.org/attachments/7669
+ NOTE: https://bugs.ruby-lang.org/attachments/7669 (for 2.4.5)
+ NOTE: https://bugs.ruby-lang.org/attachments/7670 (for 2.5.3)
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
CVE-2019-8321 [Escape sequence injection vulnerability in verbose]
@@ -4911,7 +4915,8 @@ CVE-2019-8321 [Escape sequence injection vulnerability in verbose]
- ruby2.1 <removed>
- rubygems <removed>
- jruby <unfixed>
- NOTE: https://bugs.ruby-lang.org/attachments/7669
+ NOTE: https://bugs.ruby-lang.org/attachments/7669 (for 2.4.5)
+ NOTE: https://bugs.ruby-lang.org/attachments/7670 (for 2.5.3)
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
CVE-2019-8320 [Delete directory using symlink when decompressing tar]
@@ -4921,7 +4926,8 @@ CVE-2019-8320 [Delete directory using symlink when decompressing tar]
- ruby2.1 <removed>
- rubygems <removed>
- jruby <unfixed>
- NOTE: https://bugs.ruby-lang.org/attachments/7669
+ NOTE: https://bugs.ruby-lang.org/attachments/7669 (for 2.4.5)
+ NOTE: https://bugs.ruby-lang.org/attachments/7670 (for 2.5.3)
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
CVE-2019-8319 (An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1 ...)
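Review bot: The CVE-2019-8320 entry receives the same two attachment URLs as the five entries above it, which suggests each attachment is a combined patch for all six CVEs, yet the NOTE lines do not say so. Stating it in the note, for example "(combined patch for CVE-2019-8320 to CVE-2019-8325, for 2.4.5)", would save a backporter from searching the attachment for a fix specific to the tar symlink issue.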
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f6d03776ae8031ccb2a91ed97f7052b10bc5719a