[Git][security-tracker-team/security-tracker][master] CVE-2024-27280/ruby: explain the additional v3.0.1.2 commit
Sylvain Beucler (@beuc)
gitlab at salsa.debian.org
Sat Jul 27 16:51:27 BST 2024
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
663ec183 by Sylvain Beucler at 2024-07-27T17:50:53+02:00
CVE-2024-27280/ruby: explain the additional v3.0.1.2 commit
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -39350,6 +39350,7 @@ CVE-2024-27280 (A buffer-overread issue was discovered in StringIO 3.0.1, as dis
NOTE: https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/
NOTE: https://github.com/ruby/stringio/commit/a35268a3ac1b5f0058e5b7c1a041a7e86d9da067 (v3.0.3)
NOTE: https://github.com/ruby/stringio/commit/c58c5f54f1eab99665ea6a161d29ff6a7490afc8 (v3.0.1.1)
+ NOTE: Do not confuse with bugfix for https://bugs.ruby-lang.org/issues/19389:
NOTE: https://github.com/ruby/stringio/commit/0e596524097706263d10900ca180898e4a8f5233 (v3.0.1.2)
CVE-2024-30161 (In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be acce ...)
- qt6-base <not-affected> (wasm target not built/buildable with Debian package, see bug #1068454)
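Review bot: The added NOTE ends in a colon and only carries meaning when read together with the v3.0.1.2 NOTE that follows it, and that following line is still formatted exactly like the two fix-commit NOTEs above it (v3.0.3 and v3.0.1.1). Anyone who greps or reads the NOTE lines one at a time will still see the 0e596524 URL as a third fix commit for CVE-2024-27280, and "Do not confuse with" does not state which of the two things that commit is. Consider folding both lines into one self-describing NOTE that carries the commit URL, the (v3.0.1.2) tag and the https://bugs.ruby-lang.org/issues/19389 reference together, worded to say explicitly whether that commit is needed when backporting the CVE fix.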
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/663ec183ae3e214cd7879dedf9c20b04468189a8