[Git][security-tracker-team/security-tracker][master] Reserve DLA-2275-1 for ruby-rack

Utkarsh Gupta utkarsh at debian.org
Fri Jul 10 12:54:42 BST 2020 


Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aa921bc3 by Utkarsh Gupta at 2020-07-10T17:24:25+05:30
Reserve DLA-2275-1 for ruby-rack

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -19762,7 +19762,6 @@ CVE-2020-8161 (A directory traversal vulnerability exists in rack < 2.2.0 tha
 	{DLA-2216-1}
 	- ruby-rack 2.1.1-5
 	[buster] - ruby-rack <no-dsa> (Minor issue; can be fixed via point release)
-	[stretch] - ruby-rack <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: https://groups.google.com/forum/#!msg/rubyonrails-security/IOO1vNZTzPA/Ylzi1UYLAAAJ
 	NOTE: Fixed by: https://github.com/rack/rack/commit/dddb7ad18ed79ca6ab06ccc417a169fde451246e
 	NOTE: Required followup: https://github.com/rack/rack/commit/e7ba1b0557d3ad97af1ef113bbeb5f27417983fa


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[10 Jul 2020] DLA-2275-1 ruby-rack - security update
+	{CVE-2020-8161 CVE-2020-8184}
+	[stretch] - ruby-rack 1.6.4-4+deb9u2
 [09 Jul 2020] DLA-2274-1 fwupd - security update
 	{CVE-2020-10759}
 	[stretch] - fwupd 0.7.4-2+deb9u1


=====================================
data/dla-needed.txt
=====================================
@@ -134,9 +134,6 @@ rails (Sylvain Beucler)
   NOTE: 20200709: https://www.beuc.net/tmp/debian-lts/rails/
   NOTE: 20200709: this deb9u3 includes/supersedes stretch-pu deb9u2
 --
-ruby-rack (Utkarsh Gupta)
-  NOTE: probably not affected (parse_cookies_header() is not available in Jessie, but code might hide somewhere else) (thorsten)
---
 ruby-zip
   NOTE: 20200710: Vulnerable to at least CVE-2018-1000544. (lamby)
   NOTE: 20200710: Was fixed in jessie LTS via DLA-1467-1. (lamby)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa921bc3d9e90bc49c6784f2b1f70980ab1ffe3f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa921bc3d9e90bc49c6784f2b1f70980ab1ffe3f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200710/feb8dde3/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list