[Git][security-tracker-team/security-tracker][master] Update investigation for CVE-2020-11082 in ruby-kaminari.
Chris Lamb
lamby at debian.org
Wed Aug 19 12:49:17 BST 2020
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a27d0012 by Chris Lamb at 2020-08-19T12:48:52+01:00
Update investigation for CVE-2020-11082 in ruby-kaminari.
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=====================================
data/dla-needed.txt
=====================================
@@ -155,7 +155,12 @@ ruby-doorkeeper
--
ruby-json-jwt (Utkarsh Gupta)
--
-ruby-kaminari (Chris Lamb)
+ruby-kaminari
+ NOTE: 20200819: The source in Debian (at least in LTS) appears to have a different lineage to
+ NOTE: 20200819: the one upstream or in its many forks. For example, both dthe
+ NOTE: 20200819: kaminari/kaminari and amatsuda/kaminari repositories does no have the
+ NOTE: 20200819: @params.except(:script_name) line in any part of their history (although the
+ NOTE: 20200819: file has been refactored a few times). (lamby)
--
ruby-rack-cors (Utkarsh Gupta)
NOTE: 20200817: Was fixed in DLA-2096-1 for jessie LTS but is now re-vulnerable again in stretch LTS AFAICT. (lamby)
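Review bot: The added NOTE for ruby-kaminari refers to "the @params.except(:script_name) line" and "the file" without naming the file or the Debian source version that was inspected, so whoever picks the package up next has to redo the search; adding the file path and the version examined would make the lineage finding checkable. The same lines carry two typos, "both dthe" and "repositories does no have", which should read "both the" and "repositories do not have". Since the "(Chris Lamb)" claim is dropped from the package line in the same change, it would also help to say whether the note means the upstream fix cannot be applied as-is or only that the comparison is unfinished.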
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a27d0012e9c4e8f427b1ab4615bd5a746539592a
More information about the debian-security-tracker-commits mailing list