[Git][security-tracker-team/security-tracker][master] Correct ordering of suites in CVE-2019-8320 listing
Salvatore Bonaccorso
carnil at debian.org
Sat Jul 11 18:06:06 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a098b736 by Salvatore Bonaccorso at 2020-07-11T19:04:19+02:00
Correct ordering of suites in CVE-2019-8320 listing
It on the OTOH looks a bit odd to mark jruby in stretch end-of-life
referring to the EOL announcement for jruby in jessie. Question to LTS
reviewers: Is this correct?
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -74762,8 +74762,8 @@ CVE-2019-8320 (A Directory Traversal issue was discovered in RubyGems 2.7.6 and
- ruby2.1 <removed>
- rubygems <removed>
- jruby 9.1.17.0-3 (bug #925987)
- [jessie] - jruby <not-affected> (Vulnerable code introduced later)
[stretch] - jruby <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00148.html)
+ [jessie] - jruby <not-affected> (Vulnerable code introduced later)
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a098b73660cedbb7ce7eba54492ac95a86ba5714
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a098b73660cedbb7ce7eba54492ac95a86ba5714
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200711/a5cb4822/attachment.html>
More information about the debian-security-tracker-commits
mailing list