[Git][security-tracker-team/security-tracker][master] Reserve DLA-2996-1 for mruby
Abhijith PA (@abhijith)
abhijith at debian.org
Fri May 6 09:13:37 BST 2022
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a5729bd6 by Abhijith PA at 2022-05-06T13:43:14+05:30
Reserve DLA-2996-1 for mruby
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -134677,7 +134677,6 @@ CVE-2020-15867 (The git hook feature in Gogs 0.5.5 through 0.12.2 allows for aut
CVE-2020-15866 (mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yie ...)
- mruby 2.1.2-1 (bug #972051)
[buster] - mruby <no-dsa> (Minor issue)
- [stretch] - mruby <no-dsa> (Minor issue)
NOTE: https://github.com/mruby/mruby/issues/5042
NOTE: https://github.com/mruby/mruby/commit/6334949ba69363cb909a57d6871895bd6d98bb6b (3.0.0-preview)
NOTE: https://github.com/mruby/mruby/commit/63956036e116ef6a33a91e16348c4d1a09f6f72c (2.1.2-rc2)
@@ -248862,7 +248861,6 @@ CVE-2018-14338 (samples/geotag.cpp in the example code of Exiv2 0.26 misuses the
NOTE: Issue in example code of Exiv2
CVE-2018-14337 (The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 ...)
- mruby 2.0.0-1 (low; bug #903985)
- [stretch] - mruby <no-dsa> (Minor issue)
[jessie] - mruby <no-dsa> (Minor issue)
NOTE: https://github.com/mruby/mruby/issues/4062
NOTE: https://github.com/mruby/mruby/commit/695f29cd604787f43be1af16e38d13610bf8312b
@@ -254205,7 +254203,6 @@ CVE-2018-12250 (An issue was discovered in Elite CMS Pro 2.01. In /admin/add_sid
NOT-FOR-US: Elite CMS
CVE-2018-12249 (An issue was discovered in mruby 1.4.1. There is a NULL pointer derefe ...)
- mruby 1.4.1+20180622+git640fca32-1 (bug #901652)
- [stretch] - mruby <no-dsa> (Minor issue)
[jessie] - mruby <no-dsa> (Minor issue)
NOTE: https://github.com/mruby/mruby/commit/faa4eaf6803bd11669bc324b4c34e7162286bfa3
NOTE: https://github.com/mruby/mruby/issues/4037
@@ -255598,7 +255595,6 @@ CVE-2018-11744 (Cloudera Manager through 5.15 has Incorrect Access Control. ...)
NOT-FOR-US: Cloudera
CVE-2018-11743 (The init_copy function in kernel.c in mruby 1.4.1 makes initialize_cop ...)
- mruby 1.4.1+20180622+git640fca32-1 (bug #900845)
- [stretch] - mruby <no-dsa> (Minor issue)
[jessie] - mruby <no-dsa> (Minor issue)
NOTE: https://github.com/mruby/mruby/commit/b64ce17852b180dfeea81cf458660be41a78974d
NOTE: https://github.com/mruby/mruby/issues/4027
@@ -260044,7 +260040,6 @@ CVE-2018-10192 (IPVanish 3.0.11 for macOS suffers from a root privilege escalati
NOT-FOR-US: IPVanish for macOS
CVE-2018-10191 (In versions of mruby up to and including 1.4.0, an integer overflow ex ...)
- mruby 1.4.0+20180418+git54905e98-1 (bug #896020)
- [stretch] - mruby <no-dsa> (Minor issue)
[jessie] - mruby <no-dsa> (Minor issue)
NOTE: https://github.com/mruby/mruby/issues/3995
NOTE: https://github.com/mruby/mruby/commit/1905091634a6a2925c911484434448e568330626
@@ -312366,7 +312361,6 @@ CVE-2017-9528 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows remote
CVE-2017-9527 (The mark_context_stack function in gc.c in mruby through 1.2.0 allows ...)
[experimental] - mruby 1.2.0+20170601+git51e0e690-1
- mruby 1.3.0-1 (low; bug #865778)
- [stretch] - mruby <no-dsa> (Minor issue)
[jessie] - mruby <no-dsa> (Minor issue)
NOTE: https://github.com/mruby/mruby/issues/3486
NOTE: Fixed by: https://github.com/mruby/mruby/commit/5c114c91d4ff31859fcd84cf8bf349b737b90d99
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[06 May 2022] DLA-2996-1 mruby - security update
+ {CVE-2017-9527 CVE-2018-10191 CVE-2018-11743 CVE-2018-12249 CVE-2018-14337 CVE-2020-15866}
+ [stretch] - mruby 1.2.0+20161228+git30d5424a-1+deb9u1
[05 May 2022] DLA-2995-1 smarty3 - security update
{CVE-2021-21408 CVE-2021-29454}
[stretch] - smarty3 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u5
=====================================
data/dla-needed.txt
=====================================
@@ -111,9 +111,6 @@ mbedtls (Utkarsh)
NOTE: 20220502: will upload with 1 fix and mark the other one
NOTE: 20220502: as no-dsa today/tomorrow. (utkarsh)
--
-mruby (Abhijith PA)
- NOTE: https://people.debian.org/~abhijith/upload/mruby/mruby_1.2.0+20161228+git30d5424a-1+deb9u1.dsc (abhijith)
---
mutt (Utkarsh)
NOTE: 20220502: update prepared. smoke test pending. (utkarsh)
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a5729bd6d1e132d10990a4177253a211885771bc
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a5729bd6d1e132d10990a4177253a211885771bc
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220506/1913fb14/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list