[Git][security-tracker-team/security-tracker][master] ruby DSAs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Feb 3 19:15:11 GMT 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab3e16b5 by Moritz Mühlenhoff at 2022-02-03T20:13:41+01:00
ruby DSAs

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -46854,7 +46854,6 @@ CVE-2021-32066 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7
 	{DLA-2780-1}
 	- ruby2.7 2.7.4-1 (bug #990815)
 	- ruby2.5 <removed>
-	[buster] - ruby2.5 <no-dsa> (Minor issue)
 	- ruby2.3 <removed>
 	- jruby <unfixed>
 	[buster] - jruby <no-dsa> (Minor issue)
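Review bot: With the `[buster] - ruby2.5 <no-dsa> (Minor issue)` line removed, this entry no longer records any buster status for ruby2.5. The only ruby2.5 line left is `- ruby2.5 <removed>`, and the tag line still reads `{DLA-2780-1}` alone. The data/DSA/list hunk in this commit lists CVE-2021-32066 under DSA-5066-1 with `[buster] - ruby2.5 2.5.5-3+deb10u4`, so check that the matching DSA cross-reference and fixed-version line reach this entry, either through a later sync of the lists or by adding them here. The same applies to the identical removals under CVE-2021-31810 and CVE-2021-31799.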
@@ -47773,7 +47772,6 @@ CVE-2021-31810 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7
 	{DLA-2780-1}
 	- ruby2.7 2.7.4-1 (bug #990815)
 	- ruby2.5 <removed>
-	[buster] - ruby2.5 <no-dsa> (Minor issue)
 	- ruby2.3 <removed>
 	- jruby <unfixed>
 	[buster] - jruby <no-dsa> (Minor issue)
@@ -47835,7 +47833,6 @@ CVE-2021-31799 (In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby
 	{DLA-2780-1}
 	- ruby2.7 2.7.4-1 (bug #990815)
 	- ruby2.5 <removed>
-	[buster] - ruby2.5 <no-dsa> (Minor issue)
 	- ruby2.3 <removed>
 	NOTE: Introduced in (rdoc): https://github.com/ruby/rdoc/commit/4a8b7bed7cd5647db92c620bc6f33e4c309d2212 (v3.11)
 	NOTE: Fixed in (rdoc): https://github.com/ruby/rdoc/commit/a7f5d6ab88632b3b482fe10611382ff73d14eed7 (v6.3.1)
@@ -55223,7 +55220,6 @@ CVE-2021-28966 (In Ruby through 3.0 on Windows, a remote attacker can submit a c
 CVE-2021-28965 (The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, a ...)
 	- ruby2.7 2.7.3-1 (bug #986807)
 	- ruby2.5 <removed>
-	[buster] - ruby2.5 <postponed> (Minor issue, can be fixed along with next update)
 	- ruby2.3 <removed>
 	[stretch] - ruby2.3 <postponed> (Minor issue; can be fixed in next update)
 	[experimental] - ruby-rexml 3.2.5-1
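Review bot: Dropping the buster `<postponed>` line leaves `[stretch] - ruby2.3 <postponed> (Minor issue; can be fixed in next update)` as the only deferral in the CVE-2021-28965 entry. Unlike the three entries touched above, the visible context here shows no `{DLA-2780-1}` tag. Please confirm the stretch status is still what is intended now that buster gets the fix through DSA-5066-1, so that the two ruby source packages do not silently diverge on this CVE.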


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,9 @@
+[03 Feb 2022] DSA-5067-1 ruby2.7 - security update
+	{CVE-2021-41816 CVE-2021-41817 CVE-2021-41819}
+	[bullseye] - ruby2.7 2.7.4-1+deb11u1
+[03 Feb 2022] DSA-5066-1 ruby2.5 - security update
+	{CVE-2021-28965 CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 CVE-2021-41817 CVE-2021-41819}
+	[buster] - ruby2.5 2.5.5-3+deb10u4
 [31 Jan 2022] DSA-5065-1 ipython - security update
 	{CVE-2022-21699}
 	[buster] - ipython 5.8.0-1+deb10u1
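Review bot: The two new entries cover seven CVEs, but the data/CVE/list hunks in this commit only touch CVE-2021-28965, CVE-2021-31799, CVE-2021-31810 and CVE-2021-32066. If the entries for CVE-2021-41816, CVE-2021-41817 and CVE-2021-41819 carry `<no-dsa>` or `<postponed>` lines for buster or bullseye, those need the same removal. CVE-2021-41816 is listed under DSA-5067-1 but not under DSA-5066-1, which agrees with the ruby2.5/oldstable text removed from data/dsa-needed.txt, so the buster status of ruby2.5 for that CVE should be stated explicitly in its data/CVE/list entry.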


=====================================
data/dsa-needed.txt
=====================================
@@ -46,14 +46,6 @@ python-pysaml2 (jmm)
 rpki-client/stable
   new 7.6 release required libretls, which isn't in Bullseye
 --
-ruby2.5/oldstable
-  Utkarsh proposed the update for fixing CVE-2021-31799, CVE-2021-32066,
-  CVE-2021-31810, CVE-2021-41817, CVE-2021-41819, and CVE-2021-28965.
---
-ruby2.7/stable
-  Utkarsh proposed the update for fixing CVE-2021-41816, CVE-2021-41817,
-  and CVE-2021-41819.
---
 runc
 --
 samba (carnil)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab3e16b5004572b8ef1a0531da198d4d0150de8f
