[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for jruby issues CVE-2019-832{0,1,2,3,4,5}

Fri Mar 29 19:59:26 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4240fada by Salvatore Bonaccorso at 2019-03-29T19:58:46Z
Add Debian bug reference for jruby issues CVE-2019-832{0,1,2,3,4,5}

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5429,7 +5429,7 @@ CVE-2019-8325 [Escape sequence injection vulnerability in errors]
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
 	- rubygems <removed>
-	- jruby <unfixed>
+	- jruby <unfixed> (bug #925987)
 	NOTE: https://bugs.ruby-lang.org/attachments/7669 (for 2.4.5)
 	NOTE: https://bugs.ruby-lang.org/attachments/7670 (for 2.5.3)
 	NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
@@ -5440,7 +5440,7 @@ CVE-2019-8324 [Installing a malicious gem may lead to arbitrary code execution]
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
 	- rubygems <removed>
-	- jruby <unfixed>
+	- jruby <unfixed> (bug #925987)
 	NOTE: https://bugs.ruby-lang.org/attachments/7669 (for 2.4.5)
 	NOTE: https://bugs.ruby-lang.org/attachments/7670 (for 2.5.3)
 	NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
@@ -5451,7 +5451,7 @@ CVE-2019-8323 [Escape sequence injection vulnerability in API response handling]
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
 	- rubygems <removed>
-	- jruby <unfixed>
+	- jruby <unfixed> (bug #925987)
 	NOTE: https://bugs.ruby-lang.org/attachments/7669 (for 2.4.5)
 	NOTE: https://bugs.ruby-lang.org/attachments/7670 (for 2.5.3)
 	NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
@@ -5462,7 +5462,7 @@ CVE-2019-8322 [Escape sequence injection vulnerability in gem owner]
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
 	- rubygems <removed>
-	- jruby <unfixed>
+	- jruby <unfixed> (bug #925987)
 	NOTE: https://bugs.ruby-lang.org/attachments/7669 (for 2.4.5)
 	NOTE: https://bugs.ruby-lang.org/attachments/7670 (for 2.5.3)
 	NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
@@ -5474,7 +5474,7 @@ CVE-2019-8321 [Escape sequence injection vulnerability in verbose]
 	- ruby2.1 <removed>
 	[jessie] - ruby2.1 <not-affected> (Vulnerable code introduced later)
 	- rubygems <removed>
-	- jruby <unfixed>
+	- jruby <unfixed> (bug #925987)
 	NOTE: https://bugs.ruby-lang.org/attachments/7669 (for 2.4.5)
 	NOTE: https://bugs.ruby-lang.org/attachments/7670 (for 2.5.3)
 	NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
@@ -5485,7 +5485,7 @@ CVE-2019-8320 [Delete directory using symlink when decompressing tar]
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
 	- rubygems <removed>
-	- jruby <unfixed>
+	- jruby <unfixed> (bug #925987)
 	NOTE: https://bugs.ruby-lang.org/attachments/7669 (for 2.4.5)
 	NOTE: https://bugs.ruby-lang.org/attachments/7670 (for 2.5.3)
 	NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4240fada9521b468e219a10e5cd0fd750ed0152a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4240fada9521b468e219a10e5cd0fd750ed0152a
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190329/fedce54e/attachment.html>
