[Git][security-tracker-team/security-tracker][master] CVE-2023-33460 does not affect ruby-yajl
Tobias Frost (@tobi)
tobi at debian.org
Wed Jul 5 16:54:35 BST 2023
Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9513f0d4 by Tobias Frost at 2023-07-05T17:54:17+02:00
CVE-2023-33460 does not affect ruby-yajl
ruby-yail embeds yajl version 1.0.12 (https://github.com/brianmario/yajl-ruby/blob/master/ext/yajl/api/yajl_version.h),
vulnerability intdroduced in version 2.0.0 (https://github.com/lloyd/yajl/commit/cfa9f8f)
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3047,10 +3047,12 @@ CVE-2023-33460 (There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse
[bookworm] - r-cran-jsonlite <no-dsa> (Minor issue)
[bullseye] - r-cran-jsonlite <no-dsa> (Minor issue)
[buster] - r-cran-jsonlite <postponed> (Minor issue; fix only after newer releases got a fix)
- - ruby-yajl <unfixed>
+ - ruby-yajl <not-affected> (ruby-yajl embeds non-affected old version of yajl)
[bookworm] - ruby-yajl <no-dsa> (Minor issue)
[bullseye] - ruby-yajl <no-dsa> (Minor issue)
[buster] - ruby-yajl <no-dsa> (Minor issue)
+ NOTE: Introduced in yajl at version 2.0.0 with commit https://github.com/lloyd/yajl/commit/cfa9f8f
+ NOTE: ruby-yail embeds yajl version 1.0.12 (https://github.com/brianmario/yajl-ruby/blob/master/ext/yajl/api/yajl_version.h)
CVE-2023-33457 (In Sogou Workflow v0.10.6, memcpy a negtive size in URIParser::parse , ...)
NOT-FOR-US: Sogou Workflow
CVE-2023-33381 (A command injection vulnerability was found in the ping functionality ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9513f0d40c879bdba6909e72bc63741a78135335
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9513f0d40c879bdba6909e72bc63741a78135335
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230705/1d8d1588/attachment.htm>
More information about the debian-security-tracker-commits
mailing list