[Git][security-tracker-team/security-tracker][master] Update status for jruby issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Dec 9 23:04:15 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8f6beaf6 by Salvatore Bonaccorso at 2023-12-10T00:03:13+01:00
Update status for jruby issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -24742,9 +24742,7 @@ CVE-2023-36617 (A ReDoS issue was discovered in the URI component before 0.12.2
 	- ruby2.7 <not-affected> (Incomplete fix never applied)
 	- ruby2.5 <removed>
 	[buster] - ruby2.5 <postponed> (Minor issue, ReDoS)
-	- jruby <unfixed>
-	[bookworm] - jruby <not-affected> (Incomplete fix never applied)
-	[bullseye] - jruby <not-affected> (Incomplete fix never applied)
+	- jruby <not-affected> (Incomplete fix not applied, covered by CVE-2023-28755)
 	[buster] - jruby <postponed> (Minor issue, ReDoS)
 	NOTE: https://www.ruby-lang.org/en/news/2023/06/29/redos-in-uri-CVE-2023-36617/
 	NOTE: https://github.com/ruby/uri/commit/9010ee2536adda10a0555ae1ed6fe2f5808e6bf1
@@ -38374,6 +38372,7 @@ CVE-2023-28756 (A ReDoS issue was discovered in the Time component through 0.2.1
 	- ruby3.1 <unfixed> (bug #1038408)
 	- ruby2.7 <removed>
 	- ruby2.5 <removed>
+	[experimental] - jruby 9.4.3.0+ds-1~exp1
 	- jruby <unfixed> (bug #1036283)
 	[bookworm] - jruby <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/ruby/ruby/commit/957bb7cb81995f26c671afce0ee50a5c660e540e (v3_1_4)
@@ -38388,6 +38387,7 @@ CVE-2023-28755 (A ReDoS issue was discovered in the URI component through 0.12.0
 	- ruby3.1 <unfixed> (bug #1038408)
 	- ruby2.7 <removed>
 	- ruby2.5 <removed>
+	[experimental] - jruby 9.4.3.0+ds-1~exp1
 	- jruby <unfixed> (bug #1036283)
 	[bookworm] - jruby <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/ruby/ruby/commit/8ce4ab146498879b65e22f1be951b25eebb79300 (v3_1_4)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f6beaf6fea0e5227e71f169df045f83f77e5bf1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f6beaf6fea0e5227e71f169df045f83f77e5bf1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231209/63bf1805/attachment.htm>

More information about the debian-security-tracker-commits mailing list