[Git][security-tracker-team/security-tracker][master] new ruby-saml issue

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ead396d6 by Moritz Muehlenhoff at 2024-09-12T17:21:08+02:00
new ruby-saml issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -362,7 +362,10 @@ CVE-2024-45590 (body-parser is Node.js body parsing middleware. body-parser <1.2
 CVE-2024-45412 (Yeti bridges the gap between CTI and DFIR practitioners by providing a ...)
 	NOT-FOR-US: Yeti
 CVE-2024-45409 (The Ruby SAML library is for implementing the client side of a SAML au ...)
-	TODO: check
+	- ruby-saml <unfixed>
+	NOTE: https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2
+	NOTE: https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae
+	NOTE: https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7
 CVE-2024-45407 (Sunshine is a self-hosted game stream host for Moonlight. Clients that ...)
 	NOT-FOR-US: Sunshine
 CVE-2024-45393 (Computer Vision Annotation Tool (CVAT) is an interactive video and ima ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ead396d6bca5510268255904ac58e1bc2b075083

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ead396d6bca5510268255904ac58e1bc2b075083
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240912/ee596952/attachment.htm>