[Git][security-tracker-team/security-tracker][master] Add CVE-2022-31033/ruby-mechanize

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8a3014a8 by Salvatore Bonaccorso at 2022-06-11T14:17:53+02:00
Add CVE-2022-31033/ruby-mechanize

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5024,7 +5024,11 @@ CVE-2022-31035
 CVE-2022-31034
 	RESERVED
 CVE-2022-31033 (The Mechanize library is used for automating interaction with websites ...)
-	TODO: check
+	- ruby-mechanize <unfixed>
+	NOTE: https://github.com/sparklemotion/mechanize/security/advisories/GHSA-64qm-hrgp-pgr9
+	NOTE: Prerequisite to clear credential headers when redirecting to cross site
+	NOTE: https://github.com/sparklemotion/mechanize/commit/17e5381032c90caf240ac3d2e52b353f40c18d83 (v2.8.0)
+	NOTE: Fixed by: https://github.com/sparklemotion/mechanize/commit/907c778001625cb9daa686d5019c939cb416e45b (v2.8.5)
 CVE-2022-31032
 	RESERVED
 CVE-2022-31031 (PJSIP is a free and open source multimedia communication library writt ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a3014a805c7b9c34ae23ef1c872f21866301491

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a3014a805c7b9c34ae23ef1c872f21866301491
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220611/413e8819/attachment-0001.htm>