[Git][security-tracker-team/security-tracker][master] Update ruby-rack information with last unstable upload
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 20 06:59:48 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
323435a3 by Salvatore Bonaccorso at 2025-03-20T07:59:23+01:00
Update ruby-rack information with last unstable upload
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2140,7 +2140,7 @@ CVE-2025-27911 (An issue was discovered in Datalust Seq before 2024.3.13545. Exp
CVE-2025-27910 (tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CS ...)
NOT-FOR-US: tianti
CVE-2025-27610 (Rack provides an interface for developing web applications in Ruby. Pr ...)
- - ruby-rack <unfixed> (bug #1100444)
+ - ruby-rack 3.1.12-1 (bug #1100444)
NOTE: https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v
NOTE: Fixed by: https://github.com/rack/rack/commit/50caab74fa01ee8f5dbdee7bb2782126d20c6583 (main)
NOTE: Fixed by: https://github.com/rack/rack/commit/70cb3228c755c2d066c108a9c59fbe67aff8e889 (v3.1.12)
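Review bot: The "Fixed by" notes under CVE-2025-27610 cover only main and v3.1.12, while the CVE-2025-25184 entry in this same commit gains one commit reference per upstream release branch. If upstream has matching commits on the older branches, listing them here in the same "(vX.Y.Z)" form would let whoever triages the older suites locate the backport without going through the advisory.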
@@ -3589,7 +3589,7 @@ CVE-2025-27155 (Pinecone is an experimental overlay routing protocol suite which
CVE-2025-27150 (Tuleap is an Open Source Suite to improve management of software devel ...)
NOT-FOR-US: Tuleap
CVE-2025-27111 (Rack is a modular Ruby web server interface. The Rack::Sendfile middle ...)
- - ruby-rack <unfixed> (bug #1099546)
+ - ruby-rack 3.1.12-1 (bug #1099546)
[bullseye] - ruby-rack <postponed> (Minor issue, log injection)
NOTE: https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v
NOTE: Fixed by: https://github.com/rack/rack/commit/b13bc6bfc7506aca3478dc5ac1c2ec6fc53f82a3 (v2.2.12)
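Review bot: On the CVE-2025-27111 entry the fixed version becomes 3.1.12-1, but the only "Fixed by" note still points at the v2.2.12 commit, so nothing in the entry ties the 3.1.x upload to a fix. Suggest adding the main and 3.1.x branch commit references alongside it, in the same form as the notes under CVE-2025-27610.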
@@ -11901,10 +11901,13 @@ CVE-2025-25199 (go-crypto-winnative Go crypto backend for Windows using Cryptogr
CVE-2025-25198 (mailcow: dockerized is an open source groupware/email suite based on d ...)
NOT-FOR-US: mailcow
CVE-2025-25184 (Rack provides an interface for developing web applications in Ruby. Pr ...)
- - ruby-rack <unfixed> (bug #1098257)
+ - ruby-rack 3.1.12-1 (bug #1098257)
[bullseye] - ruby-rack <postponed> (Minor issue)
NOTE: https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg
- NOTE: https://github.com/rack/rack/commit/074ae244430cda05c27ca91cda699709cfb3ad8e
+ NOTE: https://github.com/rack/rack/commit/074ae244430cda05c27ca91cda699709cfb3ad8e (main)
+ NOTE: https://github.com/rack/rack/commit/4aa19786a0aad7ff2ca66eeaede4a257cc7b0726 (v3.1.10)
+ NOTE: https://github.com/rack/rack/commit/d00d195371c959e917855f6168a1b144b0f35da2 (v3.0.12)
+ NOTE: https://github.com/rack/rack/commit/f8b41c1dba33ec96b886e57505c149c36d56662b (v2.2.11)
CVE-2025-25182 (Stroom is a data processing, storage and analysis platform. A vulnerab ...)
NOT-FOR-US: Stroom
CVE-2025-1244 (A command injection flaw was found in the text editor Emacs. It could ...)
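Review bot: The four commit notes added under CVE-2025-25184 omit the "Fixed by:" prefix that the CVE-2025-27610 and CVE-2025-27111 entries use for the same kind of reference; using "NOTE: Fixed by: <url> (branch)" throughout keeps the ruby-rack entries consistent to read and to grep. Separately, the added note places the upstream fix in v3.1.10 while the fixed version is recorded as 3.1.12-1, which matches the commit message only if 3.1.12-1 is the first unstable upload at or past 3.1.10; worth confirming before relying on that version.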
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/323435a35f2191d6bc68c5c5d04cb6f1fd3d2797