[Git][security-tracker-team/security-tracker][master] Track rails fixes for unstable via 2:6.0.3.7+dfsg-1

Utkarsh Gupta (@utkarsh) utkarsh at debian.org
Sat May 15 11:53:47 BST 2021



Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
39893a52 by Utkarsh Gupta at 2021-05-15T16:23:18+05:30
Track rails fixes for unstable via 2:6.0.3.7+dfsg-1

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23599,7 +23599,7 @@ CVE-2021-22905
 CVE-2021-22904 [Possible DoS Vulnerability in Action Controller Token Authentication]
 	RESERVED
 	{DLA-2655-1}
-	- rails <unfixed> (bug #988214)
+	- rails 2:6.0.3.7+dfsg-1 (bug #988214)
 	NOTE: https://github.com/rails/rails/commit/eab8c20f3ef6a022c4c11b439b1b22cef1768d5e (main)
 	NOTE: https://github.com/rails/rails/commit/d861fa8ade353390c4419b53a6c6b41f3005b1f2 (v6.0.3.7)
 	NOTE: https://github.com/rails/rails/commit/3d9e9fdf14e044b3ba66f909582c228a9d4ffb5c (v5.2.4.6)
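Review bot: the CVE-2021-22904 entry still has no per-release line after the changed `- rails 2:6.0.3.7+dfsg-1 (bug #988214)` line, so any suite with a lower rails version that is not covered by {DLA-2655-1} remains implicitly vulnerable. The CVE-2021-22902 entry in the next hunk states `[buster]` and `[stretch]` explicitly; since a v5.2.4.6 commit is already noted here, consider adding the matching release line once that suite is triaged so the status is stated rather than inferred from the unstable version.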
@@ -23610,7 +23610,7 @@ CVE-2021-22903
 	NOTE: Fixed by: https://github.com/rails/rails/commit/55e0723846aa77ce6afcb677618578fb859b7fd7 (main)
 CVE-2021-22902 [Possible Denial of Service vulnerability in Action Dispatch]
 	RESERVED
-	- rails <unfixed> (bug #988214)
+	- rails 2:6.0.3.7+dfsg-1 (bug #988214)
 	[buster] - rails <not-affected> (Vulnerable code introduced later)
 	[stretch] - rails <not-affected> (Vulnerable code introduced later)
 	NOTE: Fixed by: https://github.com/rails/rails/commit/b61b94181b2a0cecab49d90d8f259bc8e39b662a (main)
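Review bot: the fixed version recorded on the CVE-2021-22902 line, `- rails 2:6.0.3.7+dfsg-1 (bug #988214)`, is supported in the visible context only by a NOTE for the main-branch commit. The CVE-2021-22904 and CVE-2021-22885 entries touched by this same commit each cite a v6.0.3.7 commit; adding the corresponding 6.0-branch commit as a NOTE here would let a reader confirm that 6.0.3.7 carries this fix. The CVE-2021-22903 entry just above is also a rails issue and is not changed by this commit, so it is worth confirming that its status line is already correct for the same upload.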
@@ -23654,7 +23654,7 @@ CVE-2021-22886 (Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to p
 CVE-2021-22885 [Possible Information Disclosure / Unintended Method Execution in Action Pack]
 	RESERVED
 	{DLA-2655-1}
-	- rails <unfixed> (bug #988214)
+	- rails 2:6.0.3.7+dfsg-1 (bug #988214)
 	NOTE: https://github.com/rails/rails/commit/c4c21a9f8d7c9c8ca6570bdb82d64e2dc860e62c (main)
 	NOTE: https://github.com/rails/rails/commit/f202249bdd701f908a57d733e633d366a982f8ce (v6.0.3.7)
 	NOTE: https://github.com/rails/rails/commit/3eb9e74c287750a9fe11f700fc96d3be1e83aa35 (v5.2.4.6)
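Review bot: style point on the NOTE lines under CVE-2021-22885 (and the identical pattern under CVE-2021-22904): they list bare commit URLs, while the CVE-2021-22903 and CVE-2021-22902 entries in this diff use `NOTE: Fixed by: <url> (branch)`. Since this commit is what marks these entries as fixed, aligning the three URLs to the `Fixed by:` form would make it unambiguous that they are the fixing commits and not the introducing ones or general references.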



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39893a52d26663b900ec574f73be5f0f3b05c1bc
