[Git][security-tracker-team/security-tracker][master] 2 commits: Mark fixed version for CVE-2018-12029/passenger in stretch

Sun, 24 Mar 2019 03:57:24 -0700 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2b8979d7 by Salvatore Bonaccorso at 2019-03-24T10:55:41Z
Mark fixed version for CVE-2018-12029/passenger in stretch

It will not be listed in the DSA as the ngnix module is unbuild but we
went ahead still to fix it source wise in the 5.0.30-1.1 and
5.0.30-1+deb9u1 upload.

- - - - -
7c73dd28 by Salvatore Bonaccorso at 2019-03-24T10:56:36Z
Reserve DSA number for passenger update

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -45757,6 +45757,7 @@ CVE-2018-12030 (Chevereto Free before 1.0.13 has XSS. 
...)
 CVE-2018-12029 (A race condition in the nginx module in Phusion Passenger 3.x 
through  ...)
        {DLA-1399-1}
        - passenger 5.0.30-1.1 (bug #921767; unimportant)
+       [stretch] - passenger 5.0.30-1+deb9u1
        - ruby-passenger <removed> (unimportant)
        NOTE: 
https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
        NOTE: 
https://github.com/phusion/passenger/commit/207870f5b7f5cc240587ab0977d6046782ae1d86
 (release-5.3.2)


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[24 Mar 2019] DSA-4415-1 passenger - security update
+       {CVE-2017-16355}
+       [stretch] - passenger 5.0.30-1+deb9u1
 [23 Mar 2019] DSA-4414-1 libapache2-mod-auth-mellon - security update
        {CVE-2019-3877 CVE-2019-3878}
        [stretch] - libapache2-mod-auth-mellon 0.12.0-2+deb9u1


=====================================
data/dsa-needed.txt
=====================================
@@ -50,8 +50,6 @@ mercurial
 nss
   Roberto proposed an update including fixes for CVE-2018-12404 and 
CVE-2018-18508
 --
-passenger (carnil)
---
 pdns
 --
 putty



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/248896591ea92c257a8402c24ef4437794078ce4...7c73dd287b076794a8cc418071ae712a7864ce9c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/248896591ea92c257a8402c24ef4437794078ce4...7c73dd287b076794a8cc418071ae712a7864ce9c
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to