[Git][security-tracker-team/security-tracker][master] CVE-2019-16892/ruby-zip: jessie triage
Sylvain Beucler
beuc at debian.org
Mon Sep 30 09:26:03 BST 2019
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
67a1884f by Sylvain Beucler at 2019-09-30T08:23:24Z
CVE-2019-16892/ruby-zip: jessie triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -235,6 +235,7 @@ CVE-2019-16892 (In Rubyzip before 1.3.0, a crafted ZIP file can bypass applicati
- ruby-zip <unfixed> (low; bug #941222)
[buster] - ruby-zip <no-dsa> (Minor issue)
[stretch] - ruby-zip <no-dsa> (Minor issue)
+ [jessie] - ruby-zip <postponed> (Minor issue, zip bomb non-default mitigation)
NOTE: https://github.com/rubyzip/rubyzip/pull/403
NOTE: https://github.com/rubyzip/rubyzip/commit/4167f0ce67e42b082605bca75c7bdfd01eb23804
NOTE: https://github.com/rubyzip/rubyzip/commit/7849f7362ab0cd23d5730ef8b6f2c39252da2285
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/67a1884f066cc481e95a487b4e8c4ae3007384dd
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/67a1884f066cc481e95a487b4e8c4ae3007384dd
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190930/f42828f4/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list