[Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2018-3741/ruby-rails-html-sanitizer as no-dsa
Salvatore Bonaccorso
carnil at debian.org
Mon Jun 1 09:46:38 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8d266c5f by Salvatore Bonaccorso at 2020-06-01T10:45:09+02:00
Mark CVE-2018-3741/ruby-rails-html-sanitizer as no-dsa
- - - - -
9168297a by Salvatore Bonaccorso at 2020-06-01T10:46:07+02:00
Mark CVE-2018-1687{7,8}/pacemaker as no-dsa
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -98650,12 +98650,14 @@ CVE-2018-16879 (Ansible Tower before version 3.3.3 does not set a secure channel
NOT-FOR-US: Ansible Tower
CVE-2018-16878 (A flaw was found in pacemaker up to and including version 2.0.1. An in ...)
- pacemaker 2.0.1-3 (bug #927714)
+ [stretch] - pacemaker <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/1
NOTE: https://github.com/ClusterLabs/pacemaker/pull/1749 (master)
NOTE: https://github.com/ClusterLabs/pacemaker/pull/1750 (1.1)
NOTE: https://lists.clusterlabs.org/pipermail/users/2019-May/025822.html
CVE-2018-16877 (A flaw was found in the way pacemaker's client-server authentication w ...)
- pacemaker 2.0.1-3 (bug #927714)
+ [stretch] - pacemaker <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/1
NOTE: https://github.com/ClusterLabs/pacemaker/pull/1749 (master)
NOTE: https://github.com/ClusterLabs/pacemaker/pull/1750 (1.1)
@@ -135076,6 +135078,7 @@ CVE-2018-3742
REJECTED
CVE-2018-3741 (There is a possible XSS vulnerability in all rails-html-sanitizer gem ...)
- ruby-rails-html-sanitizer 1.0.4-1 (bug #893994)
+ [stretch] - ruby-rails-html-sanitizer <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://github.com/rails/rails-html-sanitizer/commit/f3ba1a839a35f2ba7f941c15e239a1cb379d56ae
CVE-2018-3740 (A specially crafted HTML fragment can cause Sanitize gem for Ruby to a ...)
{DSA-4358-1}
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/03cbd54692f5b96204c490562e7869a6810ffca1...9168297aaf874ae06580779946e34db20a4d08f7
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/03cbd54692f5b96204c490562e7869a6810ffca1...9168297aaf874ae06580779946e34db20a4d08f7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200601/a3273184/attachment.html>
More information about the debian-security-tracker-commits
mailing list