Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
564aefd4 by Moritz Mühlenhoff at 2020-10-14T23:21:10+02:00
new junit4 issue
solr n/a
jruby bugnums
remove stray gitaly issue, there's no reference other than gitlab for that
CVE
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3320,7 +3320,7 @@ CVE-2020-25613 (An issue was discovered in Ruby through
2.5.8, 2.6.x through 2.6
- ruby2.5 <removed>
[buster] - ruby2.5 <no-dsa> (Minor issue)
- ruby2.3 <removed>
- - jruby <unfixed>
+ - jruby <unfixed> (bug #972230)
NOTE:
https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/
NOTE: Fix in webrick:
https://github.com/ruby/webrick/commit/8946bb38b4d87549f0d99ed73c62c41933f97cc7
CVE-2020-25612
@@ -25028,7 +25028,7 @@ CVE-2020-15252
CVE-2020-15251 (In the Channelmgnt plug-in for Sopel (a Python IRC bot) before
version ...)
NOT-FOR-US: Channelmgnt plug-in for Sopel
CVE-2020-15250 (In JUnit4 before version 4.13.1, the test rule TemporaryFolder
contain ...)
- TODO: check
+ - junit4 <unfixed>
CVE-2020-15249
RESERVED
CVE-2020-15248
@@ -28566,7 +28566,7 @@ CVE-2020-13959
CVE-2020-13958
RESERVED
CVE-2020-13957 (Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0
to 8.6.2 ...)
- TODO: check
+ - lucene-solr <not-affected> (Vulnerable functionality not yet present)
CVE-2020-13956 [incorrect handling of malformed authority component in request
URIs]
RESERVED
{DLA-2405-1}
@@ -62806,7 +62806,6 @@ CVE-2019-19260 (GitLab Community Edition (CE) and
Enterprise Edition (EE) throug
[buster] - gitlab-workhorse <ignored> (Minor issue)
[stretch] - gitlab-workhorse <ignored> (Minor issue)
[experimental] - gitaly 1.65.2+dfsg-1
- - gitaly <unfixed>
NOTE:
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19259 (GitLab Enterprise Edition (EE) 11.3 and later through 12.5
allows an I ...)
- gitlab <not-affected> (Only affects Gitlab EE)
@@ -74268,7 +74267,7 @@ CVE-2019-16255 (Ruby through 2.4.7, 2.5.x through
2.5.6, and 2.6.x through 2.6.4
- ruby2.5 2.5.7-1
- ruby2.3 <removed>
- ruby2.1 <removed>
- - jruby <unfixed>
+ - jruby <unfixed> (bug #972230)
NOTE:
https://www.ruby-lang.org/en/news/2019/10/01/code-injection-shell-test-cve-2019-16255/
NOTE: ruby2.5:
https://github.com/ruby/ruby/commit/3af01ae1101e0b8815ae5a106be64b0e82a58640
CVE-2019-16254 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through
2.6.4 allow ...)
@@ -74276,7 +74275,7 @@ CVE-2019-16254 (Ruby through 2.4.7, 2.5.x through
2.5.6, and 2.6.x through 2.6.4
- ruby2.5 2.5.7-1
- ruby2.3 <removed>
- ruby2.1 <removed>
- - jruby <unfixed>
+ - jruby <unfixed> (bug #972230)
NOTE:
https://github.com/ruby/ruby/commit/3ce238b5f9795581eb84114dcfbdf4aa086bfecc
NOTE: https://hackerone.com/reports/331984
NOTE:
https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/
@@ -74467,7 +74466,7 @@ CVE-2019-16201 (WEBrick::HTTPAuth::DigestAuth in Ruby
through 2.4.7, 2.5.x throu
- ruby2.5 2.5.7-1
- ruby2.3 <removed>
- ruby2.1 <removed>
- - jruby <unfixed>
+ - jruby <unfixed> (bug #972230)
NOTE:
https://github.com/ruby/ruby/commit/36e057e26ef2104bc2349799d6c52d22bb1c7d03
NOTE: https://hackerone.com/reports/661722
NOTE:
https://www.ruby-lang.org/en/news/2019/10/01/webrick-regexp-digestauth-dos-cve-2019-16201/
@@ -167194,7 +167193,7 @@ CVE-2017-17743 (Improper input sanitization within
the restricted administration
NOT-FOR-US: UCOPIA Wireless Appliance
CVE-2017-17742 (Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4,
2.5.x befo ...)
{DSA-4259-1 DLA-2330-1 DLA-2027-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
- - jruby <unfixed>
+ - jruby <unfixed> (bug #972230)
- ruby2.5 2.5.1-1
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -167202,6 +167201,7 @@ CVE-2017-17742 (Ruby before 2.2.10, 2.3.x before
2.3.7, 2.4.x before 2.4.4, 2.5.
- ruby1.8 <removed>
NOTE:
https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/
NOTE: https://github.com/jruby/jruby/releases/tag/9.2.12.0
+ NOTE:
https://github.com/ruby/ruby/commit/d9d4a28f1cdd05a0e8dabb36d747d40bbcc30f16
CVE-2017-17741 (The KVM implementation in the Linux kernel through 4.14.7
allows attac ...)
{DSA-4082-1 DSA-4073-1 DLA-1232-1}
- linux 4.14.7-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/564aefd419ad7775af2665cfe0064c2f2ab7ecb7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/564aefd419ad7775af2665cfe0064c2f2ab7ecb7
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
