[Git][security-tracker-team/security-tracker][master] Reserve DLA-3989-1 for ruby-doorkeeper
Adrian Bunk (@bunk)
bunk at debian.org
Mon Dec 9 03:06:29 GMT 2024
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits:
de4db2d0 by Adrian Bunk at 2024-12-09T05:06:16+02:00
Reserve DLA-3989-1 for ruby-doorkeeper
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -125037,7 +125037,6 @@ CVE-2023-34246 (Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Pri
[experimental] - ruby-doorkeeper 5.6.6-1
- ruby-doorkeeper 5.6.6-2 (bug #1038950)
[bookworm] - ruby-doorkeeper <no-dsa> (Minor issue)
- [bullseye] - ruby-doorkeeper <no-dsa> (Minor issue)
NOTE: https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-7w2c-w47h-789w
NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/1589
NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/1646
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[09 Dec 2024] DLA-3989-1 ruby-doorkeeper - security update
+ {CVE-2023-34246}
+ [bullseye] - ruby-doorkeeper 5.3.0-2+deb11u1
[09 Dec 2024] DLA-3988-1 jinja2 - security update
{CVE-2024-22195 CVE-2024-34064}
[bullseye] - jinja2 2.11.3-1+deb11u1
=====================================
data/dla-needed.txt
=====================================
@@ -190,11 +190,6 @@ qemu (santiago)
NOTE: 20240815: CVE-2024-4467 fix also proposed for 12.7 (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076504)
NOTE: 20241119: Bookworm PU in progress https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086572
--
-ruby-doorkeeper (Adrian Bunk)
- NOTE: 20241206: Added by coordinator (roberto)
- NOTE: 20241206: CVE-2023-34246 was fixed in buster, is still open (no-dsa) in bullseye and bookworm
- NOTE: 20241206: https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/165
---
ruby-sinatra
NOTE: 20241110: Added by Front-Desk (apo)
NOTE: 20241122: Was awaiting approved upstream fix; still working on package. (lamby)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de4db2d087c517927fc2417bd6728781c9de175c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de4db2d087c517927fc2417bd6728781c9de175c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241209/98f1188a/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list