[Git][security-tracker-team/security-tracker][master] Three rails issues fixed in unstable

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Aug 23 20:12:15 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0e1fdaf4 by Salvatore Bonaccorso at 2022-08-23T21:11:46+02:00
Three rails issues fixed in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -16595,7 +16595,7 @@ CVE-2022-32225 (A reflected DOM-Based XSS vulnerability has been discovered in t
 	NOT-FOR-US: Veeam
 CVE-2022-32224
 	RESERVED
-	- rails <unfixed> (bug #1016140)
+	- rails 2:6.1.6.1+dfsg-1 (bug #1016140)
 	NOTE: https://github.com/advisories/GHSA-3hhc-qp5v-9p2j
 	NOTE: Fixed by: https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a (main)
 	NOTE: Fixed by: https://github.com/rails/rails/commit/8ce4bd1be83c08c30c34af4d0f1a726066128176 (v6.1.6.1)
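Review bot: the CVE-2022-32224 entry still reads RESERVED with no description, so after this change the GHSA link in the first NOTE is the only pointer to what was fixed. A short NOTE naming the affected component would help readers until the description is filled in. The recorded version 2:6.1.6.1+dfsg-1 does line up with the v6.1.6.1 commit cited in the last NOTE.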
@@ -29918,7 +29918,7 @@ CVE-2022-27778 (A use of incorrectly resolved name vulnerability fixed in 7.83.1
 	NOTE: https://curl.se/docs/CVE-2022-27778.html
 	NOTE: Fixed by: https://github.com/curl/curl/commit/8c7ee9083d0d719d0a77ab20d9cc2ae84eeea7f3 (curl-7_83_1)
 CVE-2022-27777 (A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5. ...)
-	- rails <unfixed> (bug #1016982)
+	- rails 2:6.1.6.1+dfsg-1 (bug #1016982)
 	NOTE: https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534
 	NOTE: Fixed by: https://github.com/rails/rails/commit/123f42a573f7fcbf391885c135ca809f21615180 (v6.1.5.1)
 	NOTE: Regression fix: https://github.com/rails/rails/commit/7c2da9e51c5c02643f30d83aaad3ed5062adcad8 (6.1.6)
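Review bot: on the `- rails 2:6.1.6.1+dfsg-1` line for CVE-2022-27777, the recorded version is later than both upstream references in the NOTEs (fix tagged v6.1.5.1, regression fix in 6.1.6). If an upload based on 6.1.5.1 or 6.1.6 reached unstable before this one, that earlier version should be recorded; otherwise a brief NOTE that 6.1.6.1 is the first upload carrying both commits would make the choice clear. Minor style point: the regression-fix NOTE tags the release as `(6.1.6)` while the other NOTEs use the `v` prefix.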
@@ -46656,7 +46656,7 @@ CVE-2022-22579 (An information disclosure issue was addressed with improved stat
 CVE-2022-22578 (A logic issue was addressed with improved validation. This issue is fi ...)
 	NOT-FOR-US: Apple
 CVE-2022-22577 (An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that co ...)
-	- rails <unfixed> (bug #1011941)
+	- rails 2:6.1.6.1+dfsg-1 (bug #1011941)
 	NOTE: https://discuss.rubyonrails.org/t/cve-2022-22577-possible-xss-vulnerability-in-action-pack/80533
 	NOTE: https://github.com/rails/rails/commit/2b820a2a69fa50cffa74b4aedc57bf92ed6910ec (v6.1.5.1)
 	NOTE: https://github.com/rails/rails/commit/5299b57d596ea274f77f5ffee2b79c6ee0255508 (v6.0.4.8)
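Review bot: the two commit NOTEs under CVE-2022-22577 lack the `Fixed by:` prefix that the other two rails entries touched by this commit use, so it is not explicit that they are the fixing commits; adding the prefix would keep the entries consistent. The upstream fix is tagged v6.1.5.1 while the entry now records 2:6.1.6.1+dfsg-1, so it is worth confirming that no earlier upload to unstable already contained it.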



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e1fdaf4472fc5d96805dca9c973e6124d889fe0
