[Git][security-tracker-team/security-tracker][master] Add two new ruby-rack issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Oct 11 09:51:34 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f31f3ef7 by Salvatore Bonaccorso at 2025-10-11T10:51:12+02:00
Add two new ruby-rack issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -126,7 +126,11 @@ CVE-2025-61920 (Authlib is a Python library which builds OAuth and OpenID Connec
NOTE: https://github.com/authlib/authlib/security/advisories/GHSA-pq5p-34cr-23v9
NOTE: https://github.com/authlib/authlib/commit/867e3f87b072347a1ae9cf6983cc8bbf88447e5e (v1.6.5)
CVE-2025-61919 (Rack is a modular Ruby web server interface. Prior to versions 2.2.20, ...)
- TODO: check
+ - ruby-rack <unfixed>
+ NOTE: https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm
+ NOTE: https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f (v3.2.3)
+ NOTE: https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db (v3.1.18)
+ NOTE: https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881 (v2.2.20)
CVE-2025-61864 (A use after free vulnerability exists in VS6ComFile!load_link_inf of V ...)
NOT-FOR-US: V-SFT
CVE-2025-61863 (An out-of-bounds read vulnerability exists in VS6ComFile!CSaveData::de ...)
@@ -146,7 +150,11 @@ CVE-2025-61857 (An out-of-bounds write vulnerability exists in VS6ComFile!CItemE
CVE-2025-61856 (A stack-based buffer overflow vulnerability exists in VS6ComFile!CV7Ba ...)
NOT-FOR-US: FUJI
CVE-2025-61780 (Rack is a modular Ruby web server interface. Prior to versions 2.2.20, ...)
- TODO: check
+ - ruby-rack <unfixed>
+ NOTE: https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557
+ NOTE: https://github.com/rack/rack/commit/57277b7741581fa827472c5c666f6e6a33abd784 (v3.2.3)
+ NOTE: https://github.com/rack/rack/commit/7e69f65eefe9cd2868df9f9f3b0977b86f93523a (v3.1.18)
+ NOTE: https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85 (v2.2.20)
CVE-2025-61689 (HTTP.jl is an HTTP client and server functionality for the Julia progr ...)
TODO: check
CVE-2025-61505 (e107 CMS thru 2.3.3 are vulnerable to insecure deserialization in the ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f31f3ef74737afa3626c220e0e6024d29e06f58e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f31f3ef74737afa3626c220e0e6024d29e06f58e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251011/f73cc6cb/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list