Santiago R.R. pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4280e403 by Santiago R.R at 2018-04-18T14:35:59+02:00
data/CVE/list: checked ruby1.8 related issues
- - - - -
a38cadc2 by Santiago R.R at 2018-04-18T14:36:47+02:00
Merge remote-tracking branch 'refs/remotes/origin/master'
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3327,6 +3327,7 @@ CVE-2018-8780 (In Ruby before 2.2.10, 2.3.x before 2.3.7,
2.4.x before 2.4.4, 2.
- ruby2.3 <unfixed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
+ - ruby1.8 <removed>
NOTE:
https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/
NOTE: https://hackerone.com/reports/302338
NOTE: Fixed by:
https://github.com/ruby/ruby/commit/bd5661a3cbb38a8c3a3ea10cd76c88bbef7871b8
@@ -3336,15 +3337,18 @@ CVE-2018-8779 (In Ruby before 2.2.10, 2.3.x before
2.3.7, 2.4.x before 2.4.4, 2.
- ruby2.3 <unfixed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
+ - ruby1.8 <removed>
NOTE:
https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/
NOTE: https://hackerone.com/reports/302997
NOTE: Fixed by:
https://github.com/ruby/ruby/commit/8794dec6a5f11adc5cdd19a5ee91ea6b0816763f
NOTE: Fixed by:
https://github.com/ruby/ruby/commit/47165eed264d357e78e27371cfef20d5c2bde5d9
(2.2.10)
+ NOTE: ruby1.8: test examples from hackerone doesn't work.
ext/socket/socket.c:init_unixsock() uses SafeStringValue(path) though.
CVE-2018-8778 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4,
2.5.x ...)
- ruby2.5 2.5.1-1
- ruby2.3 <unfixed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
+ - ruby1.8 <removed>
NOTE:
https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/
NOTE: https://hackerone.com/reports/298246
NOTE: Fixed by:
https://github.com/ruby/ruby/commit/d02b7bd864706fc2a40d83fb6014772ad3cc3b80
@@ -3354,6 +3358,7 @@ CVE-2018-8777 (In Ruby before 2.2.10, 2.3.x before 2.3.7,
2.4.x before 2.4.4, 2.
- ruby2.3 <unfixed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
+ - ruby1.8 <removed>
NOTE:
https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/
CVE-2018-XXXX [Multiple vulnerabilities in CiviCRM]
- civicrm 4.7.30+dfsg-1 (bug #887330)
@@ -8442,6 +8447,7 @@ CVE-2018-6914 (Directory traversal vulnerability in the
Dir.mktmpdir method in t
- ruby2.3 <unfixed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
+ - ruby1.8 <removed>
NOTE:
https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/
NOTE: https://hackerone.com/reports/302298
NOTE: Fixed by:
https://github.com/ruby/ruby/commit/10b96900b90914b0cc1dba36f9736c038db2859d
@@ -18200,6 +18206,7 @@ CVE-2017-17742 (Ruby before 2.2.10, 2.3.x before 2.3.7,
2.4.x before 2.4.4, 2.5.
- ruby2.3 <unfixed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
+ - ruby1.8 <removed>
NOTE:
https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/
CVE-2017-17741 (The KVM implementation in the Linux kernel through 4.14.7
allows ...)
{DSA-4082-1 DSA-4073-1 DLA-1232-1}
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/fd9872d0bbb2a49dcb9c14ea61744e36557fec25...a38cadc20f7f01ac15a7ddce42ec981ea3525d7e
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/fd9872d0bbb2a49dcb9c14ea61744e36557fec25...a38cadc20f7f01ac15a7ddce42ec981ea3525d7e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
