Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2f904291 by Chris Lamb at 2020-07-11T18:07:14+01:00
Revert "Triage CVE-2019-8325, CVE-2019-8324, CVE-2019-8323 etc. in jruby
for stretch LTS."
This reverts commit 29979a390f7915a46b9c7f18b6ff7576f3828039.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -49078,7 +49078,6 @@ CVE-2019-16255 (Ruby through 2.4.7, 2.5.x through
2.5.6, and 2.6.x through 2.6.4
- ruby2.3 <removed>
- ruby2.1 <removed>
- jruby <unfixed>
- [stretch] - jruby <end-of-life>
(https://lists.debian.org/debian-security-announce/2018/msg00148.html)
NOTE:
https://www.ruby-lang.org/en/news/2019/10/01/code-injection-shell-test-cve-2019-16255/
NOTE: ruby2.5:
https://github.com/ruby/ruby/commit/3af01ae1101e0b8815ae5a106be64b0e82a58640
CVE-2019-16254 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through
2.6.4 allow ...)
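Review bot: with "[stretch] - jruby <end-of-life>" dropped from the CVE-2019-16255 entry, the only jruby line left in this hunk is "- jruby <unfixed>", so nothing here records a stretch-specific status any more. The commit message carries only the revert subject and the reverted hash; add a sentence saying why the end-of-life triage was withdrawn and what stretch status is meant to replace it.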
@@ -49087,7 +49086,6 @@ CVE-2019-16254 (Ruby through 2.4.7, 2.5.x through
2.5.6, and 2.6.x through 2.6.4
- ruby2.3 <removed>
- ruby2.1 <removed>
- jruby <unfixed>
- [stretch] - jruby <end-of-life>
(https://lists.debian.org/debian-security-announce/2018/msg00148.html)
NOTE:
https://github.com/ruby/ruby/commit/3ce238b5f9795581eb84114dcfbdf4aa086bfecc
NOTE: https://hackerone.com/reports/331984
NOTE:
https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/
@@ -49279,7 +49277,6 @@ CVE-2019-16201 (WEBrick::HTTPAuth::DigestAuth in Ruby
through 2.4.7, 2.5.x throu
- ruby2.3 <removed>
- ruby2.1 <removed>
- jruby <unfixed>
- [stretch] - jruby <end-of-life>
(https://lists.debian.org/debian-security-announce/2018/msg00148.html)
NOTE:
https://github.com/ruby/ruby/commit/36e057e26ef2104bc2349799d6c52d22bb1c7d03
NOTE: https://hackerone.com/reports/661722
NOTE:
https://www.ruby-lang.org/en/news/2019/10/01/webrick-regexp-digestauth-dos-cve-2019-16201/
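Review bot: the commit subject names only CVE-2019-8325, CVE-2019-8324 and CVE-2019-8323 followed by "etc.", while this hunk and the two before it change CVE-2019-16201, CVE-2019-16254 and CVE-2019-16255. Listing all nine affected CVE ids in the message body would make the revert findable from any of those entries in the history.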
@@ -74706,7 +74703,6 @@ CVE-2019-8325 (An issue was discovered in RubyGems 2.6
and later through 3.0.2.
- ruby2.1 <removed>
- rubygems <removed>
- jruby 9.1.17.0-3 (bug #925987)
- [stretch] - jruby <end-of-life>
(https://lists.debian.org/debian-security-announce/2018/msg00148.html)
NOTE:
https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE:
https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
NOTE:
https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
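Review bot: in the CVE-2019-8325 entry the removal leaves "- jruby 9.1.17.0-3 (bug #925987)" as the only jruby line, which is a fixed-version entry rather than the "<unfixed>" seen in the Ruby hunks above. The same pattern repeats for CVE-2019-8324 through CVE-2019-8321; it is worth confirming that this is the intended state for stretch in each of them and, if a follow-up triage is planned, saying so in the commit message.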
@@ -74717,7 +74713,6 @@ CVE-2019-8324 (An issue was discovered in RubyGems 2.6
and later through 3.0.2.
- ruby2.1 <removed>
- rubygems <removed>
- jruby 9.1.17.0-3 (bug #925987)
- [stretch] - jruby <end-of-life>
(https://lists.debian.org/debian-security-announce/2018/msg00148.html)
NOTE:
https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE:
https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
NOTE:
https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
@@ -74728,7 +74723,6 @@ CVE-2019-8323 (An issue was discovered in RubyGems 2.6
and later through 3.0.2.
- ruby2.1 <removed>
- rubygems <removed>
- jruby 9.1.17.0-3 (bug #925987)
- [stretch] - jruby <end-of-life>
(https://lists.debian.org/debian-security-announce/2018/msg00148.html)
NOTE:
https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE:
https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
NOTE:
https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
@@ -74739,7 +74733,6 @@ CVE-2019-8322 (An issue was discovered in RubyGems 2.6
and later through 3.0.2.
- ruby2.1 <removed>
- rubygems <removed>
- jruby 9.1.17.0-3 (bug #925987)
- [stretch] - jruby <end-of-life>
(https://lists.debian.org/debian-security-announce/2018/msg00148.html)
NOTE:
https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE:
https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
NOTE:
https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
@@ -74751,7 +74744,6 @@ CVE-2019-8321 (An issue was discovered in RubyGems 2.6
and later through 3.0.2.
[jessie] - ruby2.1 <not-affected> (Vulnerable code introduced later)
- rubygems <removed>
- jruby 9.1.17.0-3 (bug #925987)
- [stretch] - jruby <end-of-life>
(https://lists.debian.org/debian-security-announce/2018/msg00148.html)
NOTE:
https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE:
https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
NOTE:
https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
@@ -74762,7 +74754,6 @@ CVE-2019-8320 (A Directory Traversal issue was
discovered in RubyGems 2.7.6 and
- ruby2.1 <removed>
- rubygems <removed>
- jruby 9.1.17.0-3 (bug #925987)
- [stretch] - jruby <end-of-life>
(https://lists.debian.org/debian-security-announce/2018/msg00148.html)
[jessie] - jruby <not-affected> (Vulnerable code introduced later)
NOTE:
https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE:
https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
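Review bot: in the CVE-2019-8320 entry, "[jessie] - jruby <not-affected> (Vulnerable code introduced later)" stays directly below the removed stretch line, so jessie keeps an explicit annotation while stretch loses its own. If the stretch jruby also predates the vulnerable code, record that with a matching "[stretch] - jruby <not-affected>" line instead of leaving stretch without an annotation.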
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f9042915f6d467024e3956818676290ec4ea516