[Git][security-tracker-team/security-tracker][master] Three rails issues fixed in unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Aug 23 20:12:15 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0e1fdaf4 by Salvatore Bonaccorso at 2022-08-23T21:11:46+02:00
Three rails issues fixed in unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -16595,7 +16595,7 @@ CVE-2022-32225 (A reflected DOM-Based XSS vulnerability has been discovered in t
NOT-FOR-US: Veeam
CVE-2022-32224
RESERVED
- - rails <unfixed> (bug #1016140)
+ - rails 2:6.1.6.1+dfsg-1 (bug #1016140)
NOTE: https://github.com/advisories/GHSA-3hhc-qp5v-9p2j
NOTE: Fixed by: https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a (main)
NOTE: Fixed by: https://github.com/rails/rails/commit/8ce4bd1be83c08c30c34af4d0f1a726066128176 (v6.1.6.1)
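Review bot: CVE-2022-32224 is still marked RESERVED with no description, so after this change the entry records which version fixes the issue but not what the issue is. A one-line NOTE summarising the linked GHSA-3hhc-qp5v-9p2j advisory would make the entry readable on its own. The new fixed version 2:6.1.6.1+dfsg-1 matches the upstream tag named in the second "Fixed by:" NOTE (v6.1.6.1).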
@@ -29918,7 +29918,7 @@ CVE-2022-27778 (A use of incorrectly resolved name vulnerability fixed in 7.83.1
NOTE: https://curl.se/docs/CVE-2022-27778.html
NOTE: Fixed by: https://github.com/curl/curl/commit/8c7ee9083d0d719d0a77ab20d9cc2ae84eeea7f3 (curl-7_83_1)
CVE-2022-27777 (A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5. ...)
- - rails <unfixed> (bug #1016982)
+ - rails 2:6.1.6.1+dfsg-1 (bug #1016982)
NOTE: https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534
NOTE: Fixed by: https://github.com/rails/rails/commit/123f42a573f7fcbf391885c135ca809f21615180 (v6.1.5.1)
NOTE: Regression fix: https://github.com/rails/rails/commit/7c2da9e51c5c02643f30d83aaad3ed5062adcad8 (6.1.6)
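Review bot: The "Regression fix:" NOTE in the context below the changed line tags its commit as "(6.1.6)", while the "Fixed by:" NOTE above it uses "(v6.1.5.1)". Writing it as "(v6.1.6)" would keep the tag names consistent and easier to search. The fixed version 2:6.1.6.1+dfsg-1 is later than both the fix and the regression fix named in these NOTEs, so the version itself is consistent with them.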
@@ -46656,7 +46656,7 @@ CVE-2022-22579 (An information disclosure issue was addressed with improved stat
CVE-2022-22578 (A logic issue was addressed with improved validation. This issue is fi ...)
NOT-FOR-US: Apple
CVE-2022-22577 (An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that co ...)
- - rails <unfixed> (bug #1011941)
+ - rails 2:6.1.6.1+dfsg-1 (bug #1011941)
NOTE: https://discuss.rubyonrails.org/t/cve-2022-22577-possible-xss-vulnerability-in-action-pack/80533
NOTE: https://github.com/rails/rails/commit/2b820a2a69fa50cffa74b4aedc57bf92ed6910ec (v6.1.5.1)
NOTE: https://github.com/rails/rails/commit/5299b57d596ea274f77f5ffee2b79c6ee0255508 (v6.0.4.8)
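Review bot: The two commit NOTEs under CVE-2022-22577 have no "Fixed by:" prefix, unlike the commit NOTEs in the other two rails entries touched by this commit. Adding the prefix would make clear that these are the fixing commits for v6.1.5.1 and v6.0.4.8 rather than general references. The truncated description in the context line gives the affected range as ">= 5.2.0 and < 5.2.0", which matches no version, so readers will depend on these NOTEs to judge which versions are affected.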
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e1fdaf4472fc5d96805dca9c973e6124d889fe0