[Git][security-tracker-team/security-tracker][master] Reference commits from merge for CVE-2019-16892/ruby-zip

Thu Sep 26 16:52:08 BST 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fc1ca2cd by Salvatore Bonaccorso at 2019-09-26T15:51:36Z
Reference commits from merge for CVE-2019-16892/ruby-zip

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,6 +21,9 @@ CVE-2019-16893
 CVE-2019-16892 (In Rubyzip before 1.3.0, a crafted ZIP file can bypass application che ...)
 	- ruby-zip <unfixed>
 	NOTE: https://github.com/rubyzip/rubyzip/pull/403
+	NOTE: https://github.com/rubyzip/rubyzip/commit/4167f0ce67e42b082605bca75c7bdfd01eb23804
+	NOTE: https://github.com/rubyzip/rubyzip/commit/7849f7362ab0cd23d5730ef8b6f2c39252da2285
+	NOTE: https://github.com/rubyzip/rubyzip/commit/97cb6aefe6d12bd2429d7a2e119ccb26f259d71d
 CVE-2019-16891
 	RESERVED
 CVE-2019-16890 (Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fc1ca2cd95ead82e725bce709dabaca2805b4c39

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fc1ca2cd95ead82e725bce709dabaca2805b4c39
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190926/90e277ef/attachment-0001.html>
