[Git][security-tracker-team/security-tracker][master] ruby2.7 fixed in sid

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cfa9c6ea by Moritz Muehlenhoff at 2021-12-13T08:59:56+01:00
ruby2.7 fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10839,7 +10839,7 @@ CVE-2021-41820
 CVE-2021-41819 [Cookie Prefix Spoofing in CGI::Cookie.parse]
 	RESERVED
 	- ruby3.0 <unfixed>
-	- ruby2.7 <unfixed>
+	- ruby2.7 2.7.5-1
 	- ruby2.5 <removed>
 	- ruby2.3 <removed>
 	NOTE: Fixed in Ruby 3.0.3, 2.7.5, 2.6.9
@@ -10850,7 +10850,7 @@ CVE-2021-41818
 CVE-2021-41817 [Regular Expression Denial of Service Vulnerability of Date Parsing Methods]
 	RESERVED
 	- ruby3.0 <unfixed>
-	- ruby2.7 <unfixed>
+	- ruby2.7 2.7.5-1
 	- ruby2.5 <removed>
 	- ruby2.3 <removed>
 	NOTE: Fixed in Ruby 3.0.3, 2.7.5, 2.6.9
@@ -10862,7 +10862,7 @@ CVE-2021-41817 [Regular Expression Denial of Service Vulnerability of Date Parsi
 CVE-2021-41816 [Buffer Overrun in CGI.escape_html]
 	RESERVED
 	- ruby3.0 <unfixed>
-	- ruby2.7 <unfixed>
+	- ruby2.7 2.7.5-1
 	- ruby2.5 <not-affected> (Vulnerable code introduced later)
 	- ruby2.3 <not-affected> (Vulnerable code introduced later)
 	NOTE: Fixed in Ruby 3.0.3, 2.7.5



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cfa9c6eab1e91173db09d42f3e85e2e23a1cf484

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cfa9c6eab1e91173db09d42f3e85e2e23a1cf484
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211213/e80c220d/attachment.htm>