[Git][security-tracker-team/security-tracker][master] CVE-2017-17742 is also in JRuby, and not yet fixed in unstable

Sat Aug 15 16:50:28 BST 2020


Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
64c8b14a by Adrian Bunk at 2020-08-15T18:49:47+03:00
CVE-2017-17742 is also in JRuby, and not yet fixed in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -160318,12 +160318,14 @@ CVE-2017-17743 (Improper input sanitization within the restricted administration
 	NOT-FOR-US: UCOPIA Wireless Appliance
 CVE-2017-17742 (Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x befo ...)
 	{DSA-4259-1 DLA-2027-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
+	- jruby <unfixed>
 	- ruby2.5 2.5.1-1
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
 	- ruby1.9.1 <removed>
 	- ruby1.8 <removed>
 	NOTE: https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/
+	NOTE: https://github.com/jruby/jruby/releases/tag/9.2.12.0
 CVE-2017-17741 (The KVM implementation in the Linux kernel through 4.14.7 allows attac ...)
 	{DSA-4082-1 DSA-4073-1 DLA-1232-1}
 	- linux 4.14.7-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64c8b14ab598bc8ea5a9a28a9030ffac09da08ad

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64c8b14ab598bc8ea5a9a28a9030ffac09da08ad
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200815/2e36db7b/attachment.html>
