[Git][security-tracker-team/security-tracker][master] CVE-2022-32224/bullseye [rails]
Bastien Roucariès (@rouca)
rouca at debian.org
Sun Nov 23 11:00:57 GMT 2025
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker
Commits:
10b3d6f9 by Bastien Roucariès at 2025-11-23T11:59:02+01:00
CVE-2022-32224/bullseye [rails]
According to commit:
We conditionally fall back to the correct unsafe load if use_yaml_unsafe_load
is set to true. unsafe_load was introduced in Psych >= 4.0.0.
This is verified by a debusine prebuild test on bullseye:
https://debusine.debian.net/debian/developers/artifact/2680156/file/log
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -321625,6 +321625,7 @@ CVE-2022-32224 (A possible escalation to RCE vulnerability exists when using YAM
NOTE: Fixed by: https://github.com/rails/rails/commit/8ce4bd1be83c08c30c34af4d0f1a726066128176 (v6.1.6.1)
NOTE: Fixed by: https://github.com/rails/rails/commit/d28f278788b599c0a9f6e3ea437c6642eb56f16c (v6.0.5.1)
NOTE: Fixed by: https://github.com/rails/rails/commit/6576aa7bbcf52ebd39853363e29f92b4dd53b6f1 (v5.2.8.1)
+ NOTE: Break compatibility and need ruby-psych (>= 4.0.0)
CVE-2022-32223 (Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under ce ...)
- nodejs <not-affected> (Only affects Windows)
NOTE: https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#dll-hijacking-on-windows-high-cve-2022-32223
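Review bot: the added line "+ NOTE: Break compatibility and need ruby-psych (>= 4.0.0)" does not say which suite or which of the three listed fix commits it applies to, even though the commit message is specifically about the bullseye backport and its debusine verification; suggest wording it as "NOTE: Fix breaks compatibility and needs ruby-psych (>= 4.0.0); bullseye build verified: https://debusine.debian.net/debian/developers/artifact/2680156/file/log" so the tracker entry carries the evidence, and correct the grammar ("Breaks ... needs").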
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10b3d6f9ac56ebafd59a82d9a8204e5fa1a1119d
--
You're receiving this email because of your account on salsa.debian.org.
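The conditional fallback the commit message describes, as an added example in plain Ruby that is not Rails' or Debian's own code: a YAML column loader that uses Psych.safe_load with an explicit allow-list by default and only reaches for Psych.unsafe_load when the caller opts in, guarding for older Psych releases that lack unsafe_load. The PERMITTED allow-list and the function names are assumptions for the example.

```ruby
require "yaml"
require "date"

# Assumed allow-list for this example (Rails keeps its own, configurable
# list); anything outside it is rejected by Psych.safe_load.
PERMITTED = [Symbol, Date, Time].freeze

# Loads a serialized column value. The default path is the safe one; the
# unsafe path is taken only when the caller explicitly sets
# use_yaml_unsafe_load, mirroring the switch described in the commit message.
def load_yaml_column(payload, use_yaml_unsafe_load: false)
  if use_yaml_unsafe_load
    # unsafe_load was introduced in Psych >= 4.0.0; older releases only have
    # Psych.load, which on those versions is already the unrestricted loader.
    return Psych.unsafe_load(payload) if Psych.respond_to?(:unsafe_load)

    return Psych.load(payload)
  end

  # Safe path: arbitrary !ruby/object tags raise Psych::DisallowedClass
  # instead of instantiating the named class.
  Psych.safe_load(payload, permitted_classes: PERMITTED, aliases: true)
end

# Wraps the loader so a rejected document is reported as data rather than
# as an exception, which is convenient for logging or tests.
def column_load_result(payload, use_yaml_unsafe_load: false)
  [:ok, load_yaml_column(payload, use_yaml_unsafe_load: use_yaml_unsafe_load)]
rescue Psych::DisallowedClass => e
  [:rejected, e.message]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample column values.
  p column_load_result("--- {a: 1, b: [x, y]}")
  p column_load_result("--- :ok")
  p column_load_result("--- !ruby/object:Object {}")
end
```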