[Git][security-tracker-team/security-tracker][master] Add CVE-2024-54133/rails

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dd30b21a by Salvatore Bonaccorso at 2024-12-12T10:34:55+01:00
Add CVE-2024-54133/rails

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -617,7 +617,12 @@ CVE-2024-55655 (sigstore-python is a Python tool for generating and verifying Si
 CVE-2024-55653 (PwnDoc is a penetration test report generator. In versions up to and i ...)
 	NOT-FOR-US: PwnDoc
 CVE-2024-54133 (Action Pack is a framework for handling and responding to web requests ...)
-	TODO: check
+	- rails <unfixed>
+	NOTE: https://github.com/rails/rails/security/advisories/GHSA-vfm5-rmrh-j26v
+	NOTE: https://github.com/rails/rails/commit/2e3f41e4538b9ca1044357f6644f037bbb7c6c49 (v8.0.0.1)
+	NOTE: https://github.com/rails/rails/commit/3da2479cfe1e00177114b17e496213c40d286b3a (v7.2.2.1)
+	NOTE: https://github.com/rails/rails/commit/5558e72f22fc69c1c407b31ac5fb3b4ce087b542 (v7.1.5.1)
+	NOTE: https://github.com/rails/rails/commit/cb16a3bb515b5d769f73926d9757270ace691f1d (v7.0.8.7)
 CVE-2024-54051 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a URL  ...)
 	NOT-FOR-US: Adobe
 CVE-2024-54050 (Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a URL  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd30b21a22dd127670ac744f5a1b0971f253e2c2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd30b21a22dd127670ac744f5a1b0971f253e2c2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241212/fb3b28bc/attachment.htm>