[Git][security-tracker-team/security-tracker][master] Add CVE-2011-1497/rails for an ancient issue

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1662eafb by Salvatore Bonaccorso at 2021-10-19T22:29:27+02:00
Add CVE-2011-1497/rails for an ancient issue

The versions affected for ruby-{active,action}*-X.Y packages are long
gone in Debian, so do not go down these versions to track the fixed
verion. src:rails OTOH was then never affected in Debian as the initial
upload for Rails 4.0 contained the fix already.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -429323,7 +429323,9 @@ CVE-2011-1498 (Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when
 	NOTE: http://seclists.org/oss-sec/2011/q2/188
 	NOTE: http://web.archive.org/web/20130102213624/http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt
 CVE-2011-1497 (A cross-site scripting vulnerability flaw was found in the auto_link f ...)
-	TODO: check
+	- rails <not-affected> (Fixed before initial release of rails 4.0 to Debian)
+	NOTE: https://www.openwall.com/lists/oss-security/2011/04/06/13
+	NOTE: https://github.com/rails/rails/commit/61ee3449674c591747db95f9b3472c5c3bd9e84d
 CVE-2011-1496 (tmux 1.3 and 1.4 does not properly drop group privileges, which allows ...)
 	{DSA-2212-1}
 	- tmux 1.4-6 (bug #620304)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1662eafb083d6d58cfd5aa18c745bcd53fdfb1b9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1662eafb083d6d58cfd5aa18c745bcd53fdfb1b9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211019/371cb11b/attachment.htm>