[Git][security-tracker-team/security-tracker][master] Reserve DLA-3298-1 for ruby-rack

Utkarsh Gupta (@utkarsh) utkarsh at debian.org
Mon Jan 30 21:50:28 GMT 2023



Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
66debdde by Utkarsh Gupta at 2023-01-31T03:20:06+05:30
Reserve DLA-3298-1 for ruby-rack

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -219706,7 +219706,6 @@ CVE-2020-8185 (A denial of service vulnerability exists in Rails <6.0.3.2 tha
 CVE-2020-8184 (A reliance on cookies without validation/integrity check security vuln ...)
 	{DLA-2275-1}
 	- ruby-rack 2.1.1-6 (bug #963477)
-	[buster] - ruby-rack <no-dsa> (Minor issue)
 	NOTE: https://hackerone.com/reports/895727
 	NOTE: Fixed by: https://github.com/rack/rack/commit/1f5763de6a9fe515ff84992b343d63c88104654c
 CVE-2020-8183 (A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of ...)
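Review bot: the `{DLA-2275-1}` cross-reference line on CVE-2020-8184 is left untouched while the data/DLA/list hunk in this same commit files the CVE under DLA-3298-1; if that brace list is maintained by hand rather than regenerated by tooling, it should read `{DLA-3298-1 DLA-2275-1}` so the tracker links the new advisory from the CVE entry. Dropping the `[buster] - ruby-rack <no-dsa> (Minor issue)` line is the correct counterpart to issuing the update.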
@@ -219806,7 +219805,6 @@ CVE-2020-8162 (A client side enforcement of server side security vulnerability e
 CVE-2020-8161 (A directory traversal vulnerability exists in rack < 2.2.0 that all ...)
 	{DLA-2275-1 DLA-2216-1}
 	- ruby-rack 2.1.1-5
-	[buster] - ruby-rack <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: https://groups.google.com/forum/#!msg/rubyonrails-security/IOO1vNZTzPA/Ylzi1UYLAAAJ
 	NOTE: Fixed by: https://github.com/rack/rack/commit/dddb7ad18ed79ca6ab06ccc417a169fde451246e
 	NOTE: Required followup: https://github.com/rack/rack/commit/e7ba1b0557d3ad97af1ef113bbeb5f27417983fa
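Review bot: the same cross-reference question applies to CVE-2020-8161, whose `{DLA-2275-1 DLA-2216-1}` line is unchanged here. Separately, the last NOTE line records a required follow-up upstream commit (e7ba1b0557d3...) on top of the primary fix, and nothing in this change records whether the 2.0.6-3+deb10u2 upload carries that follow-up; worth confirming, and noting it on the entry, before the advisory text is finalized.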


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[31 Jan 2023] DLA-3298-1 ruby-rack - security update
+	{CVE-2020-8161 CVE-2020-8184 CVE-2022-44570 CVE-2022-44571 CVE-2022-44572}
+	[buster] - ruby-rack 2.0.6-3+deb10u2
 [31 Jan 2023] DLA-3297-1 tiff - security update
 	{CVE-2022-48281}
 	[buster] - tiff 4.1.0+git191117-2~deb10u6
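Review bot: the new DLA-3298-1 entry lists five CVEs, but only CVE-2020-8161 and CVE-2020-8184 receive a data/CVE/list hunk in this commit; CVE-2022-44570, CVE-2022-44571 and CVE-2022-44572 have no corresponding change, so check that their buster status in data/CVE/list (any pending `[buster]` annotation) is brought in line with the 2.0.6-3+deb10u2 fix, or record why it is not.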


=====================================
data/dla-needed.txt
=====================================
@@ -276,10 +276,6 @@ ring
 ruby-loofah
   NOTE: 20221231: Programming language: Ruby.
 --
-ruby-rack (Utkarsh)
-  NOTE: 20230129: Programming language: Ruby.
-  NOTE: 20230129: VCS: https://salsa.debian.org/lts-team/packages/ruby-rack.git
---
 ruby-rails-html-sanitizer
   NOTE: 20221231: Programming language: Ruby.
   NOTE: 20221231: VCS: https://salsa.debian.org/lts-team/packages/ruby-rails-html-sanitizer.git



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66debdde9414db2fe10477797b161ef8564408bf
