Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
510126b5 by Salvatore Bonaccorso at 2020-11-29T21:15:20+01:00
Track fixed version for several 2018 CVEs for rubygems addressed in
reintroducing version
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -164444,7 +164444,7 @@ CVE-2018-1000079 (RubyGems version Ruby 2.2 series:
2.2.9 and earlier, Ruby 2.3
- ruby2.1 <removed>
- ruby1.9.1 <removed>
[wheezy] - ruby1.9.1 <no-dsa> (Minor issue, too intrusive to backport)
- - rubygems <unfixed>
+ - rubygems 3.2.0~rc.1-1
[wheezy] - rubygems <not-affected> (Vulnerable code not present)
- jruby 9.1.17.0-1 (bug #895778)
[jessie] - jruby <not-affected> (Vulnerable code not present)
@@ -164458,7 +164458,7 @@ CVE-2018-1000078 (RubyGems version Ruby 2.2 series:
2.2.9 and earlier, Ruby 2.3
- ruby2.3 <removed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
- - rubygems <unfixed>
+ - rubygems 3.2.0~rc.1-1
- jruby 9.1.17.0-1 (bug #895778)
NOTE:
https://github.com/rubygems/rubygems/commit/66a28b9275551384fdab45f3591a82d6b59952cb
NOTE:
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
@@ -164468,7 +164468,7 @@ CVE-2018-1000077 (RubyGems version Ruby 2.2 series:
2.2.9 and earlier, Ruby 2.3
- ruby2.3 <removed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
- - rubygems <unfixed>
+ - rubygems 3.2.0~rc.1-1
- jruby 9.1.17.0-1 (bug #895778)
NOTE:
https://github.com/rubygems/rubygems/commit/feadefc2d351dcb95d6492f5ad17ebca546eb964
NOTE:
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
@@ -164478,7 +164478,7 @@ CVE-2018-1000076 (RubyGems version Ruby 2.2 series:
2.2.9 and earlier, Ruby 2.3
- ruby2.3 <removed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
- - rubygems <unfixed>
+ - rubygems 3.2.0~rc.1-1
- jruby 9.1.17.0-1 (bug #895778)
NOTE:
https://github.com/rubygems/rubygems/commit/f5042b879259b1f1ce95a0c5082622c646376693
NOTE:
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
@@ -164488,7 +164488,7 @@ CVE-2018-1000075 (RubyGems version Ruby 2.2 series:
2.2.9 and earlier, Ruby 2.3
- ruby2.3 <removed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
- - rubygems <unfixed>
+ - rubygems 3.2.0~rc.1-1
- jruby 9.1.17.0-1 (bug #895778)
NOTE:
https://github.com/rubygems/rubygems/commit/92e98bf8f810bd812f919120d4832df51bc25d83
NOTE:
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
@@ -164499,7 +164499,7 @@ CVE-2018-1000074 (RubyGems version Ruby 2.2 series:
2.2.9 and earlier, Ruby 2.3
- ruby2.1 <removed>
- ruby1.9.1 <removed>
[wheezy] - ruby1.9.1 <no-dsa> (Minor issue, too intrusive to backport)
- - rubygems <unfixed>
+ - rubygems 3.2.0~rc.1-1
[wheezy] - rubygems <no-dsa> (Minor issue)
- jruby 9.1.17.0-1 (bug #895778)
NOTE:
https://github.com/rubygems/rubygems/commit/254e3d0ee873c008c0b74e8b8abcbdab4caa0a6d
@@ -164511,7 +164511,7 @@ CVE-2018-1000073 (RubyGems version Ruby 2.2 series:
2.2.9 and earlier, Ruby 2.3
- ruby2.1 <removed>
- ruby1.9.1 <removed>
[wheezy] - ruby1.9.1 <not-affected> (Vulnerable code not present)
- - rubygems <unfixed>
+ - rubygems 3.2.0~rc.1-1
[wheezy] - rubygems <not-affected> (Vulnerable code not present)
- jruby 9.1.17.0-2.1 (bug #895778; bug #925986)
[jessie] - jruby <not-affected> (Vulnerable code not present)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/510126b544c227363dbc2432f928aa0ca57b4a57
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/510126b544c227363dbc2432f928aa0ca57b4a57
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
