[Git][security-tracker-team/security-tracker][master] CVE-2024-39908/REXML

Bastien Roucariès (@rouca) rouca at debian.org
Sat Jan 11 14:29:51 GMT 2025



Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ddf5ea78 by Bastien Roucariès at 2025-01-11T14:29:39+00:00
CVE-2024-39908/REXML

Add more information

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -46484,6 +46484,17 @@ CVE-2024-39908 (REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has
 	- ruby2.7 <removed>
 	[bullseye] - ruby2.7 <postponed> (Minor issue, DoS)
 	NOTE: https://www.ruby-lang.org/en/news/2024/07/16/dos-rexml-cve-2024-39908/
+	NOTE: https://github.com/advisories/GHSA-4xqq-m2hx-25v8
+	NOTE: https://github.com/ruby/rexml/issues/232#issuecomment-2585211411
+	NOTE: Fixed by commit [1/9] https://github.com/ruby/rexml/commit/b8a5f4cd5c8fe29c65d7a00e67170223d9d2b50e
+	NOTE: Fixed by commit [2/9] https://github.com/ruby/rexml/commit/0af55fa49d4c9369f90f239a9571edab800ed36e
+	NOTE: Fixed by commit [3/9] https://github.com/ruby/rexml/commit/c1b64c174ec2e8ca2174c51332670e3be30c865f
+	NOTE: Fixed by commit [4/9] https://github.com/ruby/rexml/commit/9f1415a2616c77cad44a176eee90e8457b4774b6
+	NOTE: Fixed by commit [5/9] https://github.com/ruby/rexml/commit/c33ea498102be65082940e8b7d6d31cb2c6e6ee2
+	NOTE: Fixed by commit [6/9] https://github.com/ruby/rexml/commit/a79ac8b4b42a9efabe33a0be31bd82d33fd50347
+	NOTE: Fixed by commit [7/9] https://github.com/ruby/rexml/commit/67efb5951ed09dbb575c375b130a1e469f437d1f
+	NOTE: Fixed by commit [8/9] https://github.com/ruby/rexml/commit/1f1e6e9b40bf339894e843dfd679c2fb1a5ddbf2
+	NOTE: Fixed by commit [9/9] https://github.com/ruby/rexml/commit/910e5a2b487cb5a30989884a39f9cad2cc499cfc
 CVE-2024-39887 (An SQL Injection vulnerability in Apache Superset exists due to improp ...)
 	NOT-FOR-US: Apache Superset
 CVE-2024-39700 (JupyterLab extension template is a  `copier` template for JupyterLab e ...)
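Review bot: The nine added "Fixed by commit [n/9]" notes do not say which upstream rexml release contains the series, and the entry's description only says "before 3.3.1". Consider appending the containing release tag in parentheses to at least the [9/9] line, and stating whether the [1/9] to [9/9] numbering is the order in which the commits must be applied, since the bullseye ruby2.7 entry is marked postponed and whoever picks up the backport will be working from these lines. The ruby/rexml issue-comment link added after the GHSA note would also be easier to use with a few words on what it documents, for example if it is where the nine-commit list comes from.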



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ddf5ea7804560824c2dc92a82e6f152f7c9aa679


More information about the debian-security-tracker-commits mailing list