[Git][security-tracker-team/security-tracker][master] Add CVE-2020-25613/ruby
Salvatore Bonaccorso
carnil at debian.org
Wed Sep 30 07:42:32 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
89b03f2d by Salvatore Bonaccorso at 2020-09-30T08:42:06+02:00
Add CVE-2020-25613/ruby
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1205,8 +1205,14 @@ CVE-2014-10402 (An issue was discovered in the DBI module through 1.643 for Perl
[buster] - libdbi-perl <postponed> (Revisit when fixed upstream)
[stretch] - libdbi-perl <postponed> (Revisit when fixed upstream)
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590
-CVE-2020-25613
+CVE-2020-25613 [Potential HTTP Request Smuggling Vulnerability in WEBrick]
RESERVED
+ - ruby2.7 <unfixed>
+ - ruby2.5 <removed>
+ - ruby2.3 <removed>
+ - jruby <unfixed>
+ NOTE: https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/
+ NOTE: Fix in webrick: https://github.com/ruby/webrick/commit/8946bb38b4d87549f0d99ed73c62c41933f97cc7
CVE-2020-25612
RESERVED
CVE-2020-25611
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89b03f2df72b2db7d2e1d862395c939a8fe04d4b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89b03f2df72b2db7d2e1d862395c939a8fe04d4b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200930/506b53b5/attachment.html>
More information about the debian-security-tracker-commits
mailing list