[Git][security-tracker-team/security-tracker][master] Track fixed version for several 2018 CVEs for rubygems addressed in reintroducing version
Salvatore Bonaccorso
carnil at debian.org
Sun Nov 29 20:15:55 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
510126b5 by Salvatore Bonaccorso at 2020-11-29T21:15:20+01:00
Track fixed version for several 2018 CVEs for rubygems addressed in reintroducing version
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -164444,7 +164444,7 @@ CVE-2018-1000079 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
- ruby2.1 <removed>
- ruby1.9.1 <removed>
[wheezy] - ruby1.9.1 <no-dsa> (Minor issue, too intrusive to backport)
- - rubygems <unfixed>
+ - rubygems 3.2.0~rc.1-1
[wheezy] - rubygems <not-affected> (Vulnerable code not present)
- jruby 9.1.17.0-1 (bug #895778)
[jessie] - jruby <not-affected> (Vulnerable code not present)
@@ -164458,7 +164458,7 @@ CVE-2018-1000078 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
- ruby2.3 <removed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
- - rubygems <unfixed>
+ - rubygems 3.2.0~rc.1-1
- jruby 9.1.17.0-1 (bug #895778)
NOTE: https://github.com/rubygems/rubygems/commit/66a28b9275551384fdab45f3591a82d6b59952cb
NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
@@ -164468,7 +164468,7 @@ CVE-2018-1000077 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
- ruby2.3 <removed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
- - rubygems <unfixed>
+ - rubygems 3.2.0~rc.1-1
- jruby 9.1.17.0-1 (bug #895778)
NOTE: https://github.com/rubygems/rubygems/commit/feadefc2d351dcb95d6492f5ad17ebca546eb964
NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
@@ -164478,7 +164478,7 @@ CVE-2018-1000076 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
- ruby2.3 <removed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
- - rubygems <unfixed>
+ - rubygems 3.2.0~rc.1-1
- jruby 9.1.17.0-1 (bug #895778)
NOTE: https://github.com/rubygems/rubygems/commit/f5042b879259b1f1ce95a0c5082622c646376693
NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
@@ -164488,7 +164488,7 @@ CVE-2018-1000075 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
- ruby2.3 <removed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
- - rubygems <unfixed>
+ - rubygems 3.2.0~rc.1-1
- jruby 9.1.17.0-1 (bug #895778)
NOTE: https://github.com/rubygems/rubygems/commit/92e98bf8f810bd812f919120d4832df51bc25d83
NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
@@ -164499,7 +164499,7 @@ CVE-2018-1000074 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
- ruby2.1 <removed>
- ruby1.9.1 <removed>
[wheezy] - ruby1.9.1 <no-dsa> (Minor issue, too intrusive to backport)
- - rubygems <unfixed>
+ - rubygems 3.2.0~rc.1-1
[wheezy] - rubygems <no-dsa> (Minor issue)
- jruby 9.1.17.0-1 (bug #895778)
NOTE: https://github.com/rubygems/rubygems/commit/254e3d0ee873c008c0b74e8b8abcbdab4caa0a6d
@@ -164511,7 +164511,7 @@ CVE-2018-1000073 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
- ruby2.1 <removed>
- ruby1.9.1 <removed>
[wheezy] - ruby1.9.1 <not-affected> (Vulnerable code not present)
- - rubygems <unfixed>
+ - rubygems 3.2.0~rc.1-1
[wheezy] - rubygems <not-affected> (Vulnerable code not present)
- jruby 9.1.17.0-2.1 (bug #895778; bug #925986)
[jessie] - jruby <not-affected> (Vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/510126b544c227363dbc2432f928aa0ca57b4a57
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/510126b544c227363dbc2432f928aa0ca57b4a57
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201129/6e69add1/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list