[Git][security-tracker-team/security-tracker][master] Triage CVE-2019-8325, CVE-2019-8324, CVE-2019-8323 etc. in jruby for stretch LTS.
Chris Lamb
lamby at debian.org
Sat Jul 11 15:39:54 BST 2020
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
29979a39 by Chris Lamb at 2020-07-11T15:39:30+01:00
Triage CVE-2019-8325, CVE-2019-8324, CVE-2019-8323 etc. in jruby for stretch LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -49078,6 +49078,7 @@ CVE-2019-16255 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4
- ruby2.3 <removed>
- ruby2.1 <removed>
- jruby <unfixed>
+ [stretch] - jruby <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00148.html)
NOTE: https://www.ruby-lang.org/en/news/2019/10/01/code-injection-shell-test-cve-2019-16255/
NOTE: ruby2.5: https://github.com/ruby/ruby/commit/3af01ae1101e0b8815ae5a106be64b0e82a58640
CVE-2019-16254 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allow ...)
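Review bot: the commit subject names only CVE-2019-8325, CVE-2019-8324 and CVE-2019-8323 plus "etc.", but the added [stretch] line here falls under CVE-2019-16255, which is a separate Ruby advisory from the RubyGems set. Listing the CVE-2019-162xx entries in the commit message body, or wording the subject as covering all open jruby entries, would let someone searching the history by CVE id find this triage decision.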
@@ -49086,6 +49087,7 @@ CVE-2019-16254 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4
- ruby2.3 <removed>
- ruby2.1 <removed>
- jruby <unfixed>
+ [stretch] - jruby <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00148.html)
NOTE: https://github.com/ruby/ruby/commit/3ce238b5f9795581eb84114dcfbdf4aa086bfecc
NOTE: https://hackerone.com/reports/331984
NOTE: https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/
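Review bot: the parenthetical on the added [stretch] line under CVE-2019-16254 holds only a bare URL, so the reason for the end-of-life status cannot be read from the file itself. A few words stating the reason ahead of the link would keep the entry self-explanatory if the list archive URL ever changes, in the same way the [jessie] annotations elsewhere in this file carry text such as "(Vulnerable code introduced later)".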
@@ -49277,6 +49279,7 @@ CVE-2019-16201 (WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x throu
- ruby2.3 <removed>
- ruby2.1 <removed>
- jruby <unfixed>
+ [stretch] - jruby <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00148.html)
NOTE: https://github.com/ruby/ruby/commit/36e057e26ef2104bc2349799d6c52d22bb1c7d03
NOTE: https://hackerone.com/reports/661722
NOTE: https://www.ruby-lang.org/en/news/2019/10/01/webrick-regexp-digestauth-dos-cve-2019-16201/
@@ -74703,6 +74706,7 @@ CVE-2019-8325 (An issue was discovered in RubyGems 2.6 and later through 3.0.2.
- ruby2.1 <removed>
- rubygems <removed>
- jruby 9.1.17.0-3 (bug #925987)
+ [stretch] - jruby <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00148.html)
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
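Review bot: on the added [stretch] line under CVE-2019-8325, the justification points at a debian-security-announce message from 2018, while the unversioned line just above records a fix in 9.1.17.0-3 (bug #925987). Since this annotation tells readers that fix will not be backported to stretch, it is worth confirming in the commit message that the linked announcement explicitly covers jruby in stretch rather than relying on the link alone.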
@@ -74713,6 +74717,7 @@ CVE-2019-8324 (An issue was discovered in RubyGems 2.6 and later through 3.0.2.
- ruby2.1 <removed>
- rubygems <removed>
- jruby 9.1.17.0-3 (bug #925987)
+ [stretch] - jruby <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00148.html)
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
@@ -74723,6 +74728,7 @@ CVE-2019-8323 (An issue was discovered in RubyGems 2.6 and later through 3.0.2.
- ruby2.1 <removed>
- rubygems <removed>
- jruby 9.1.17.0-3 (bug #925987)
+ [stretch] - jruby <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00148.html)
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
@@ -74733,6 +74739,7 @@ CVE-2019-8322 (An issue was discovered in RubyGems 2.6 and later through 3.0.2.
- ruby2.1 <removed>
- rubygems <removed>
- jruby 9.1.17.0-3 (bug #925987)
+ [stretch] - jruby <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00148.html)
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
@@ -74744,6 +74751,7 @@ CVE-2019-8321 (An issue was discovered in RubyGems 2.6 and later through 3.0.2.
[jessie] - ruby2.1 <not-affected> (Vulnerable code introduced later)
- rubygems <removed>
- jruby 9.1.17.0-3 (bug #925987)
+ [stretch] - jruby <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00148.html)
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
@@ -74755,6 +74763,7 @@ CVE-2019-8320 (A Directory Traversal issue was discovered in RubyGems 2.7.6 and
- rubygems <removed>
- jruby 9.1.17.0-3 (bug #925987)
[jessie] - jruby <not-affected> (Vulnerable code introduced later)
+ [stretch] - jruby <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00148.html)
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
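Review bot: under CVE-2019-8320 the new [stretch] line is placed after the existing "[jessie] - jruby <not-affected>" line, so the per-release annotations for jruby run oldest release first. If the file keeps release annotations newest first, the [stretch] line should sit directly under "- jruby 9.1.17.0-3 (bug #925987)" and above the [jessie] line; this is the only hunk in the commit where a same-package release annotation already existed, so the ordering only matters here.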
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29979a390f7915a46b9c7f18b6ff7576f3828039