ruby-simple-form

Salvatore Bonaccorso Wed, 02 Oct 2019 12:42:20 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
e7fa6902 by Salvatore Bonaccorso at 2019-10-02T19:40:35Z
Add CVE-2019-16676/ruby-simple-form

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -992,7 +992,10 @@ CVE-2019-16678 (admin/urlrule/add.html in YzmCMS 5.3 
allows CSRF with a resultan
 CVE-2019-16677 (An issue was discovered in idreamsoft iCMS V7.0. 
admincp.php?app=membe ...)
        NOT-FOR-US: idreamsoft iCMS
 CVE-2019-16676 (Plataformatec Simple Form has Incorrect Access Control in 
file_method? ...)
-       TODO: check
+       - ruby-simple-form <removed>
+       NOTE: 
http://blog.plataformatec.com.br/2019/09/incorrect-access-control-in-simple-form-cve-2019-16676/
+       NOTE: 
https://github.com/plataformatec/simple_form/commit/8c91bd76a5052ddf3e3ab9fd8333f9aa7b2e2dd6
+       NOTE: 
https://github.com/plataformatec/simple_form/security/advisories/GHSA-r74q-gxcg-73hx
 CVE-2019-16675
        RESERVED
 CVE-2019-16674



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e7fa6902da35d5e5fbfe2a76329857ed7edd7e0b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e7fa6902da35d5e5fbfe2a76329857ed7edd7e0b
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Add CVE-2019-16676/ruby-simple-form

Reply via email to