[Git][security-tracker-team/security-tracker][master] Reserve DLA-3298-1 for ruby-rack
Utkarsh Gupta (@utkarsh)
utkarsh at debian.org
Mon Jan 30 21:50:28 GMT 2023
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker
Commits:
66debdde by Utkarsh Gupta at 2023-01-31T03:20:06+05:30
Reserve DLA-3298-1 for ruby-rack
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -219706,7 +219706,6 @@ CVE-2020-8185 (A denial of service vulnerability exists in Rails <6.0.3.2 tha
CVE-2020-8184 (A reliance on cookies without validation/integrity check security vuln ...)
{DLA-2275-1}
- ruby-rack 2.1.1-6 (bug #963477)
- [buster] - ruby-rack <no-dsa> (Minor issue)
NOTE: https://hackerone.com/reports/895727
NOTE: Fixed by: https://github.com/rack/rack/commit/1f5763de6a9fe515ff84992b343d63c88104654c
CVE-2020-8183 (A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of ...)
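Review bot: the `{DLA-2275-1}` advisory line for CVE-2020-8184 is not extended with DLA-3298-1 in this hunk, while the `[buster] - ruby-rack <no-dsa> (Minor issue)` annotation is dropped; if the tracker does not regenerate that cross-reference from data/DLA/list, the buster fix is not recorded against this CVE and a follow-up edit to the brace line is needed.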
@@ -219806,7 +219805,6 @@ CVE-2020-8162 (A client side enforcement of server side security vulnerability e
CVE-2020-8161 (A directory traversal vulnerability exists in rack < 2.2.0 that all ...)
{DLA-2275-1 DLA-2216-1}
- ruby-rack 2.1.1-5
- [buster] - ruby-rack <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://groups.google.com/forum/#!msg/rubyonrails-security/IOO1vNZTzPA/Ylzi1UYLAAAJ
NOTE: Fixed by: https://github.com/rack/rack/commit/dddb7ad18ed79ca6ab06ccc417a169fde451246e
NOTE: Required followup: https://github.com/rack/rack/commit/e7ba1b0557d3ad97af1ef113bbeb5f27417983fa
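Review bot: the retained NOTE for CVE-2020-8161 flags commit e7ba1b0557d3 as a required follow-up to the primary fix dddb7ad18ed7; since the buster `<no-dsa> (Minor issue; can be fixed via point release)` line is removed here and the entry will now read as fixed for buster through DLA-3298-1, confirm that the 2.0.6-3+deb10u2 upload backports both commits, not only the first.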
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[31 Jan 2023] DLA-3298-1 ruby-rack - security update
+ {CVE-2020-8161 CVE-2020-8184 CVE-2022-44570 CVE-2022-44571 CVE-2022-44572}
+ [buster] - ruby-rack 2.0.6-3+deb10u2
[31 Jan 2023] DLA-3297-1 tiff - security update
{CVE-2022-48281}
[buster] - tiff 4.1.0+git191117-2~deb10u6
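Review bot: the new DLA-3298-1 entry lists five CVEs, but this commit only touches the data/CVE/list entries for CVE-2020-8161 and CVE-2020-8184; check that the CVE-2022-44570, CVE-2022-44571 and CVE-2022-44572 entries carry no leftover buster annotation that would contradict the advisory. The entry layout (date, id, package, CVE set in braces, `[buster]` version line) matches the adjacent DLA-3297-1 tiff entry.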
=====================================
data/dla-needed.txt
=====================================
@@ -276,10 +276,6 @@ ring
ruby-loofah
NOTE: 20221231: Programming language: Ruby.
--
-ruby-rack (Utkarsh)
- NOTE: 20230129: Programming language: Ruby.
- NOTE: 20230129: VCS: https://salsa.debian.org/lts-team/packages/ruby-rack.git
---
ruby-rails-html-sanitizer
NOTE: 20221231: Programming language: Ruby.
NOTE: 20221231: VCS: https://salsa.debian.org/lts-team/packages/ruby-rails-html-sanitizer.git
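Review bot: dropping the `ruby-rack (Utkarsh)` claim with its two NOTE lines and one `--` separator (four lines, matching the -10,+6 hunk header) leaves ruby-loofah and ruby-rails-html-sanitizer separated by a single `--`, which is the expected layout once the DLA is out; note that the VCS pointer to salsa.debian.org/lts-team/packages/ruby-rack.git is no longer recorded in dla-needed.txt, which is normal for a released package but worth knowing if a regression upload is needed.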
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66debdde9414db2fe10477797b161ef8564408bf