Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
13ddf373 by security tracker role at 2019-04-17T08:10:17Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7799,7 +7799,7 @@ CVE-2019-8326
RESERVED
CVE-2019-8325 [Escape sequence injection vulnerability in errors]
RESERVED
- {DLA-1735-1}
+ {DSA-4433-1 DLA-1735-1}
- ruby2.5 2.5.5-1
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -7810,7 +7810,7 @@ CVE-2019-8325 [Escape sequence injection vulnerability in
errors]
NOTE:
https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
CVE-2019-8324 [Installing a malicious gem may lead to arbitrary code execution]
RESERVED
- {DLA-1735-1}
+ {DSA-4433-1 DLA-1735-1}
- ruby2.5 2.5.5-1
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -7821,7 +7821,7 @@ CVE-2019-8324 [Installing a malicious gem may lead to
arbitrary code execution]
NOTE:
https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
CVE-2019-8323 [Escape sequence injection vulnerability in API response
handling]
RESERVED
- {DLA-1735-1}
+ {DSA-4433-1 DLA-1735-1}
- ruby2.5 2.5.5-1
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -7832,7 +7832,7 @@ CVE-2019-8323 [Escape sequence injection vulnerability in
API response handling]
NOTE:
https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
CVE-2019-8322 [Escape sequence injection vulnerability in gem owner]
RESERVED
- {DLA-1735-1}
+ {DSA-4433-1 DLA-1735-1}
- ruby2.5 2.5.5-1
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -7843,6 +7843,7 @@ CVE-2019-8322 [Escape sequence injection vulnerability in
gem owner]
NOTE:
https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
CVE-2019-8321 [Escape sequence injection vulnerability in verbose]
RESERVED
+ {DSA-4433-1}
- ruby2.5 2.5.5-1
- ruby2.3 <removed>
- ruby2.1 <removed>
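Review bot: on CVE-2019-8321 the added cross-reference is {DSA-4433-1} alone, while the other five rubygems entries in this commit become {DSA-4433-1 DLA-1735-1}. This hunk is a pure addition with no {DLA-1735-1} line removed, so the entry had no DLA reference before. Please confirm against DLA-1735-1 that CVE-2019-8321 was deliberately left out of it rather than missed. If the DLA did cover it, the line should read {DSA-4433-1 DLA-1735-1} like its siblings.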
@@ -7854,7 +7855,7 @@ CVE-2019-8321 [Escape sequence injection vulnerability in
verbose]
NOTE:
https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
CVE-2019-8320 [Delete directory using symlink when decompressing tar]
RESERVED
- {DLA-1735-1}
+ {DSA-4433-1 DLA-1735-1}
- ruby2.5 2.5.5-1
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -10665,8 +10666,7 @@ CVE-2019-7156 (In libdoc through 2019-01-28,
calcFileBlockOffset in ole.c allows
- catdoc <unfixed> (unimportant)
NOTE: https://github.com/uvoteam/libdoc/issues/5
NOTE: catdoc embeds the code; crash in CLI tool, no security impact
-CVE-2019-7155
- RESERVED
+CVE-2019-7155 (An issue was discovered in GitLab Community and Enterprise
Edition 9.x ...)
- gitlab 11.5.10+dfsg-1 (bug #921059)
NOTE:
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-7154 (The main function in tools/wasm2js.cpp in Binaryen 1.38.22 has
a heap- ...)
@@ -12892,7 +12892,7 @@ CVE-2019-6253
RESERVED
CVE-2019-6252
RESERVED
-CVE-2019-6251 (embed/ephy-web-view.c in GNOME Web (aka Epiphany) through
3.31.4 allow ...)
+CVE-2019-6251 (WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable
to add ...)
- webkit2gtk 2.24.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
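Review bot: the new description for CVE-2019-6251 names WebKitGTK and WPE WebKit, but the package lines visible under it track only webkit2gtk (2.24.1-1, with stretch and jessie marked <ignored>). Please check that the entry also has a line for the WPE WebKit source, and one for the GNOME Web (Epiphany) package that the old description pointed at, either as fixed, unfixed or not-affected. Without those lines, the entry's package coverage no longer matches its own description.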
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/13ddf37364219e5671160112db7460caec6e4820
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits