Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8e394487 by Moritz Muehlenhoff at 2019-05-29T08:42:45Z
jruby fixed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -10987,7 +10987,7 @@ CVE-2019-8325 [Escape sequence injection vulnerability
in errors]
- ruby2.3 <removed>
- ruby2.1 <removed>
- rubygems <removed>
- - jruby <unfixed> (bug #925987)
+ - jruby 9.1.17.0-3 (bug #925987)
NOTE:
https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE:
https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
NOTE:
https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
@@ -10998,7 +10998,7 @@ CVE-2019-8324 [Installing a malicious gem may lead to
arbitrary code execution]
- ruby2.3 <removed>
- ruby2.1 <removed>
- rubygems <removed>
- - jruby <unfixed> (bug #925987)
+ - jruby 9.1.17.0-3 (bug #925987)
NOTE:
https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE:
https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
NOTE:
https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
@@ -11009,7 +11009,7 @@ CVE-2019-8323 [Escape sequence injection vulnerability
in API response handling]
- ruby2.3 <removed>
- ruby2.1 <removed>
- rubygems <removed>
- - jruby <unfixed> (bug #925987)
+ - jruby 9.1.17.0-3 (bug #925987)
NOTE:
https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE:
https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
NOTE:
https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
@@ -11020,7 +11020,7 @@ CVE-2019-8322 [Escape sequence injection vulnerability
in gem owner]
- ruby2.3 <removed>
- ruby2.1 <removed>
- rubygems <removed>
- - jruby <unfixed> (bug #925987)
+ - jruby 9.1.17.0-3 (bug #925987)
NOTE:
https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE:
https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
NOTE:
https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
@@ -11032,7 +11032,7 @@ CVE-2019-8321 [Escape sequence injection vulnerability
in verbose]
- ruby2.1 <removed>
[jessie] - ruby2.1 <not-affected> (Vulnerable code introduced later)
- rubygems <removed>
- - jruby <unfixed> (bug #925987)
+ - jruby 9.1.17.0-3 (bug #925987)
NOTE:
https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE:
https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
NOTE:
https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
@@ -11043,7 +11043,7 @@ CVE-2019-8320 [Delete directory using symlink when
decompressing tar]
- ruby2.3 <removed>
- ruby2.1 <removed>
- rubygems <removed>
- - jruby <unfixed> (bug #925987)
+ - jruby 9.1.17.0-3 (bug #925987)
[jessie] - jruby <not-affected> (Vulnerable code introduced later)
NOTE:
https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE:
https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8e3944874442c3a0668722af3d1c6f8da825a782
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8e3944874442c3a0668722af3d1c6f8da825a782
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
