[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2019-5420,rails: Jessie is not affected
Markus Koschany
apo at debian.org
Sat Mar 30 17:49:19 GMT 2019
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ba732fcd by Markus Koschany at 2019-03-30T17:48:07Z
CVE-2019-5420,rails: Jessie is not affected
The vulnerable code is not present in the 4.x branch of rails.
- - - - -
9126ab66 by Markus Koschany at 2019-03-30T17:49:09Z
Reserve DLA-1739-1 for rails
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -13282,6 +13282,7 @@ CVE-2019-5421
RESERVED
CVE-2019-5420 (A remote code execution vulnerability in development mode Rails <5. ...)
- rails 2:5.2.2.1+dfsg-1 (bug #924521)
+ [jessie] - <not-affected> (vulnerable code is not present in 4.x)
NOTE: https://www.openwall.com/lists/oss-security/2019/03/13/3
CVE-2019-5419 (There is a possible denial of service vulnerability in Action View (Ra ...)
- rails 2:5.2.2.1+dfsg-1 (bug #924520)
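Review bot: the added `[jessie]` line under CVE-2019-5420 has no package name between `-` and `<not-affected>`, whereas the line directly above it reads `- rails 2:5.2.2.1+dfsg-1 (bug #924521)` and the DLA entry in this same push uses `[jessie] - rails ...`. Suggest writing it as `[jessie] - rails <not-affected> (vulnerable code is not present in 4.x)` so the release annotation is tied to the rails source package like the neighbouring entries.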
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[30 Mar 2019] DLA-1739-1 rails - security update
+ {CVE-2019-5418 CVE-2019-5419}
+ [jessie] - rails 2:4.1.8-1+deb8u5
[30 Mar 2019] DLA-1738-1 gpsd - security update
{CVE-2018-17937}
[jessie] - gpsd 3.11-3+deb8u1
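Review bot: the commit message "Reserve DLA-1739-1 for rails" does not say which issues the update covers, while the new entry lists `{CVE-2019-5418 CVE-2019-5419}` and already pins `2:4.1.8-1+deb8u5`. Suggest naming the two CVEs in the message body, and noting there that CVE-2019-5420 is left out on purpose because jessie is marked not affected in data/CVE/list, so the omission is not read later as an oversight.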
=====================================
data/dla-needed.txt
=====================================
@@ -89,8 +89,6 @@ python3.4 (Roberto C. Sánchez)
qemu
NOTE: CVE-2018-19665: wait for final patch
--
-rails (Markus Koschany)
---
sox
NOTE: 20190305: CVE-2019-835{4,5,6,7} no upstream patch yet, might take some time.
NOTE: Check again later. - hle
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/b025eec89ff3e80d119c878c68e694807aa63f8b...9126ab66386d45e266e4bf9e98d8d20205893f51