Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
646c46ca by Salvatore Bonaccorso at 2018-12-30T07:47:34Z
Reference fix for CVE-2018-16468/ruby-loofah
- - - - -
589c5043 by Salvatore Bonaccorso at 2018-12-30T07:48:08Z
CVE-2018-16468/ruby-loofah fixed in unstable via new upstream version
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17336,8 +17336,9 @@ CVE-2018-16470 (There is a possible DoS vulnerability
in the multipart parser in
CVE-2018-16469 (The merge.recursive function in the merge package v <1.2
can be ...)
NOT-FOR-US: merge package v
CVE-2018-16468 (In the Loofah gem for Ruby, through v2.2.2, unsanitized
JavaScript may ...)
- - ruby-loofah <unfixed> (bug #912398)
+ - ruby-loofah 2.2.3-1 (bug #912398)
NOTE: https://github.com/flavorjones/loofah/issues/154
+ NOTE:
https://github.com/flavorjones/loofah/commit/71e4b5434fbcb2ad87643f0c9fecfc3a847943c4
(v2.2.3)
CVE-2018-16467 (A missing check in Nextcloud Server prior to 14.0.0 could give
...)
- nextcloud <itp> (bug #835086)
CVE-2018-16466 (Improper revalidation of permissions in Nextcloud Server prior
to ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/73460bb10a96a0636c01e464e0d8325472ff11fa...589c504326daf6c227a6b678ae493e665ff2e24e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/73460bb10a96a0636c01e464e0d8325472ff11fa...589c504326daf6c227a6b678ae493e665ff2e24e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
