Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ba732fcd by Markus Koschany at 2019-03-30T17:48:07Z
CVE-2019-5420,rails: Jessie is not affected

The vulnerable code is not present in the 4.x branch of rails.

- - - - -
9126ab66 by Markus Koschany at 2019-03-30T17:49:09Z
Reserve DLA-1739-1 for rails

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -13282,6 +13282,7 @@ CVE-2019-5421
        RESERVED
 CVE-2019-5420 (A remote code execution vulnerability in development mode Rails 
<5. ...)
        - rails 2:5.2.2.1+dfsg-1 (bug #924521)
+       [jessie] - <not-affected> (vulnerable code is not present in 4.x)
        NOTE: https://www.openwall.com/lists/oss-security/2019/03/13/3
 CVE-2019-5419 (There is a possible denial of service vulnerability in Action 
View (Ra ...)
        - rails 2:5.2.2.1+dfsg-1 (bug #924520)
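
Review bot: The added "[jessie] - <not-affected>" line for CVE-2019-5420 gives its reason only as "vulnerable code is not present in 4.x", while the truncated description directly above it states the affected range as an upper bound ("Rails <5. ..."), which a reader can take to include the 4.x series. Consider adding a NOTE line under this entry that names the upstream file or commit where the vulnerable code was introduced, so the not-affected status can be re-checked against the jessie source without repeating the analysis.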


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[30 Mar 2019] DLA-1739-1 rails - security update
+       {CVE-2019-5418 CVE-2019-5419}
+       [jessie] - rails 2:4.1.8-1+deb8u5
 [30 Mar 2019] DLA-1738-1 gpsd - security update
        {CVE-2018-17937}
        [jessie] - gpsd 3.11-3+deb8u1
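
Review bot: The CVE set on the second added line names CVE-2019-5418 and CVE-2019-5419, but the data/CVE/list hunk in this same push shows the CVE-2019-5419 entry with only the "- rails 2:5.2.2.1+dfsg-1 (bug #924520)" line and no jessie line, and the CVE-2019-5418 entry is not visible in the diff at all. If the jessie fixed version is not filled in from this file automatically, add "[jessie] - rails 2:4.1.8-1+deb8u5" under both CVE entries so the per-CVE view agrees with the DLA. The omission of CVE-2019-5420 from the set is consistent with the not-affected marking in the first hunk.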


=====================================
data/dla-needed.txt
=====================================
@@ -89,8 +89,6 @@ python3.4 (Roberto C. Sánchez)
 qemu
   NOTE: CVE-2018-19665: wait for final patch
 --
-rails (Markus Koschany)
---
 sox
   NOTE: 20190305: CVE-2019-835{4,5,6,7} no upstream patch yet, might take some 
time.
   NOTE: Check again later. - hle



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/b025eec89ff3e80d119c878c68e694807aa63f8b...9126ab66386d45e266e4bf9e98d8d20205893f51
