[Git][security-tracker-team/security-tracker][master] Track fixed version for jruby issues via unstable

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Dec 4 09:37:24 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c5ee3fa8 by Salvatore Bonaccorso at 2022-12-04T10:37:03+01:00
Track fixed version for jruby issues via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -113456,7 +113456,7 @@ CVE-2021-32066 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7
 	- ruby2.7 2.7.4-1 (bug #990815)
 	- ruby2.5 <removed>
 	- ruby2.3 <removed>
-	- jruby <unfixed> (bug #1014818)
+	- jruby 9.3.9.0+ds-1 (bug #1014818)
 	[buster] - jruby <no-dsa> (Minor issue)
 	[stretch] - jruby <no-dsa> (Minor issue)
 	NOTE: https://www.ruby-lang.org/en/news/2021/07/07/starttls-stripping-in-net-imap/
@@ -114385,7 +114385,7 @@ CVE-2021-31810 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7
 	- ruby2.7 2.7.4-1 (bug #990815)
 	- ruby2.5 <removed>
 	- ruby2.3 <removed>
-	- jruby <unfixed> (bug #1014818)
+	- jruby 9.3.9.0+ds-1 (bug #1014818)
 	[buster] - jruby <no-dsa> (Minor issue)
 	[stretch] - jruby <no-dsa> (Minor issue)
 	NOTE: https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/
@@ -162175,7 +162175,7 @@ CVE-2020-25613 (An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6
 	- ruby2.5 <removed>
 	[buster] - ruby2.5 2.5.5-3+deb10u3
 	- ruby2.3 <removed>
-	- jruby <unfixed> (bug #972230)
+	- jruby 9.3.9.0+ds-1 (bug #972230)
 	[buster] - jruby <no-dsa> (Minor issue)
 	NOTE: https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/
 	NOTE: Fix in webrick: https://github.com/ruby/webrick/commit/8946bb38b4d87549f0d99ed73c62c41933f97cc7
@@ -235204,7 +235204,7 @@ CVE-2019-16255 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4
 	- ruby2.5 2.5.7-1
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
-	- jruby <unfixed> (bug #972230)
+	- jruby 9.3.9.0+ds-1 (bug #972230)
 	[buster] - jruby <no-dsa> (Minor issue)
 	NOTE: https://www.ruby-lang.org/en/news/2019/10/01/code-injection-shell-test-cve-2019-16255/
 	NOTE: ruby2.5: https://github.com/ruby/ruby/commit/3af01ae1101e0b8815ae5a106be64b0e82a58640
@@ -235213,7 +235213,7 @@ CVE-2019-16254 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4
 	- ruby2.5 2.5.7-1
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
-	- jruby <unfixed> (bug #972230)
+	- jruby 9.3.9.0+ds-1 (bug #972230)
 	[buster] - jruby <no-dsa> (Minor issue)
 	NOTE: https://github.com/ruby/ruby/commit/3ce238b5f9795581eb84114dcfbdf4aa086bfecc
 	NOTE: https://hackerone.com/reports/331984
@@ -235405,7 +235405,7 @@ CVE-2019-16201 (WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x throu
 	- ruby2.5 2.5.7-1
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
-	- jruby <unfixed> (bug #972230)
+	- jruby 9.3.9.0+ds-1 (bug #972230)
 	[buster] - jruby <no-dsa> (Minor issue)
 	NOTE: https://github.com/ruby/ruby/commit/36e057e26ef2104bc2349799d6c52d22bb1c7d03
 	NOTE: https://hackerone.com/reports/661722
@@ -328296,7 +328296,7 @@ CVE-2017-17743 (Improper input sanitization within the restricted administration
 	NOT-FOR-US: UCOPIA Wireless Appliance
 CVE-2017-17742 (Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x befo ...)
 	{DSA-4259-1 DLA-2330-1 DLA-2027-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
-	- jruby <unfixed> (bug #972230)
+	- jruby 9.3.9.0+ds-1 (bug #972230)
 	[buster] - jruby <no-dsa> (Minor issue)
 	- ruby2.5 2.5.1-1
 	- ruby2.3 <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5ee3fa81874bb13bc0781a747927ffc27a4e98a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5ee3fa81874bb13bc0781a747927ffc27a4e98a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221204/dd4a95ea/attachment.htm>

More information about the debian-security-tracker-commits mailing list