[Git][security-tracker-team/security-tracker][master] jruby fixed

Wed May 29 09:43:14 BST 2019


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8e394487 by Moritz Muehlenhoff at 2019-05-29T08:42:45Z
jruby fixed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10987,7 +10987,7 @@ CVE-2019-8325 [Escape sequence injection vulnerability in errors]
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
 	- rubygems <removed>
-	- jruby <unfixed> (bug #925987)
+	- jruby 9.1.17.0-3 (bug #925987)
 	NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
 	NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
 	NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
@@ -10998,7 +10998,7 @@ CVE-2019-8324 [Installing a malicious gem may lead to arbitrary code execution]
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
 	- rubygems <removed>
-	- jruby <unfixed> (bug #925987)
+	- jruby 9.1.17.0-3 (bug #925987)
 	NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
 	NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
 	NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
@@ -11009,7 +11009,7 @@ CVE-2019-8323 [Escape sequence injection vulnerability in API response handling]
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
 	- rubygems <removed>
-	- jruby <unfixed> (bug #925987)
+	- jruby 9.1.17.0-3 (bug #925987)
 	NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
 	NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
 	NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
@@ -11020,7 +11020,7 @@ CVE-2019-8322 [Escape sequence injection vulnerability in gem owner]
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
 	- rubygems <removed>
-	- jruby <unfixed> (bug #925987)
+	- jruby 9.1.17.0-3 (bug #925987)
 	NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
 	NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
 	NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
@@ -11032,7 +11032,7 @@ CVE-2019-8321 [Escape sequence injection vulnerability in verbose]
 	- ruby2.1 <removed>
 	[jessie] - ruby2.1 <not-affected> (Vulnerable code introduced later)
 	- rubygems <removed>
-	- jruby <unfixed> (bug #925987)
+	- jruby 9.1.17.0-3 (bug #925987)
 	NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
 	NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
 	NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
@@ -11043,7 +11043,7 @@ CVE-2019-8320 [Delete directory using symlink when decompressing tar]
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
 	- rubygems <removed>
-	- jruby <unfixed> (bug #925987)
+	- jruby 9.1.17.0-3 (bug #925987)
 	[jessie] - jruby <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
 	NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8e3944874442c3a0668722af3d1c6f8da825a782

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8e3944874442c3a0668722af3d1c6f8da825a782
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190529/9d6f94b6/attachment.html>
