[Git][security-tracker-team/security-tracker][master] Track fixed version for rails issues via unstable

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b305563a by Salvatore Bonaccorso at 2023-03-26T07:20:59+02:00
Track fixed version for rails issues via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2481,7 +2481,7 @@ CVE-2023-28121
 	RESERVED
 CVE-2023-28120
 	RESERVED
-	- rails <unfixed> (bug #1033262)
+	- rails 2:6.1.7.3+dfsg-1 (bug #1033262)
 	NOTE: https://github.com/rails/rails/commit/3cf23c3f891e2e81c977ea4ab83b62bc2a444b70 (v6.1.7.3)
 	NOTE: https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469
 CVE-2023-1348
@@ -14224,7 +14224,7 @@ CVE-2023-23914 (A cleartext transmission of sensitive information vulnerability
 	NOTE: https://github.com/curl/curl/pull/10138
 CVE-2023-23913
 	RESERVED
-	- rails <unfixed> (bug #1033263)
+	- rails 2:6.1.7.3+dfsg-1 (bug #1033263)
 	NOTE: https://github.com/rails/rails/commit/5037a13614d71727af8a175063bcf6ba1a74bdbd (v6.1.7.3)
 	NOTE: https://discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468
 CVE-2023-23912 (A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earli ...)
@@ -17809,17 +17809,17 @@ CVE-2023-22797 (An open redirect vulnerability is fixed in Rails 7.0.4.1 with th
 	NOTE: https://discuss.rubyonrails.org/t/cve-2023-22797-possible-open-redirect-vulnerability-in-action-pack/82120
 CVE-2023-22796 (A regular expression based DoS vulnerability in Active Support <6.1 ...)
 	{DSA-5372-1}
-	- rails <unfixed> (bug #1030050)
+	- rails 2:6.1.7.3+dfsg-1 (bug #1030050)
 	NOTE: https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116
 	NOTE: https://github.com/rails/rails/commit/4b383e6936d7a72b5dc839f526c9a9aeb280acae (6-1-stable)
 CVE-2023-22795 (A regular expression based DoS vulnerability in Action Dispatch <6. ...)
 	{DSA-5372-1}
-	- rails <unfixed> (bug #1030050)
+	- rails 2:6.1.7.3+dfsg-1 (bug #1030050)
 	NOTE: https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118
 	NOTE: https://github.com/rails/rails/commit/484fc9185db6c6a6a49ab458b11f9366da02bab2 (6-1-stable)
 CVE-2023-22794 (A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 rel ...)
 	{DSA-5372-1}
-	- rails <unfixed> (bug #1030050)
+	- rails 2:6.1.7.3+dfsg-1 (bug #1030050)
 	[buster] - rails <not-affected> (Only affects 6.x and later)
 	NOTE: https://discuss.rubyonrails.org/t/cve-2023-22794-sql-injection-vulnerability-via-activerecord-comments/82117
 	NOTE: https://github.com/rails/rails/commit/048e9fc05e18c91838a44e60175e475de8b2aad5 (6-1-stable)
@@ -17827,7 +17827,7 @@ CVE-2023-22793
 	RESERVED
 CVE-2023-22792 (A regular expression based DoS vulnerability in Action Dispatch <6. ...)
 	{DSA-5372-1}
-	- rails <unfixed> (bug #1030050)
+	- rails 2:6.1.7.3+dfsg-1 (bug #1030050)
 	NOTE: https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115
 	NOTE: https://github.com/rails/rails/commit/7a7f37f146aa977350cf914eba20a95ce371485f (6-1-stable)
 CVE-2023-22791
@@ -32710,7 +32710,7 @@ CVE-2022-44568
 CVE-2022-44567 (A command injection vulnerability exists in Rocket.Chat-Desktop <3. ...)
 	NOT-FOR-US: Rocket.Chat-Desktop
 CVE-2022-44566 (A denial of service vulnerability present in ActiveRecord's PostgreSQL ...)
-	- rails <unfixed> (bug #1030050)
+	- rails 2:6.1.7.3+dfsg-1 (bug #1030050)
 	NOTE: https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119
 	NOTE: https://github.com/rails/rails/commit/414eb337d142a9c61d7723ceb9b7c1ab30dff3ed (6-1-stable)
 CVE-2022-44565 (An improper access validation vulnerability exists in airMAX AC <8. ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b305563ad0788c970d3bcc55269b18b401daeef1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b305563ad0788c970d3bcc55269b18b401daeef1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230326/6958cfde/attachment.htm>