Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1662eafb by Salvatore Bonaccorso at 2021-10-19T22:29:27+02:00
Add CVE-2011-1497/rails for an ancient issue
The versions affected for ruby-{active,action}*-X.Y packages are long
gone in Debian, so do not go down these versions to track the fixed
verion. src:rails OTOH was then never affected in Debian as the initial
upload for Rails 4.0 contained the fix already.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -429323,7 +429323,9 @@ CVE-2011-1498 (Apache HttpClient 4.x before 4.1.1 in
Apache HttpComponents, when
NOTE: http://seclists.org/oss-sec/2011/q2/188
NOTE:
http://web.archive.org/web/20130102213624/http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt
CVE-2011-1497 (A cross-site scripting vulnerability flaw was found in the
auto_link f ...)
- TODO: check
+ - rails <not-affected> (Fixed before initial release of rails 4.0 to
Debian)
+ NOTE: https://www.openwall.com/lists/oss-security/2011/04/06/13
+ NOTE:
https://github.com/rails/rails/commit/61ee3449674c591747db95f9b3472c5c3bd9e84d
CVE-2011-1496 (tmux 1.3 and 1.4 does not properly drop group privileges, which
allows ...)
{DSA-2212-1}
- tmux 1.4-6 (bug #620304)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1662eafb083d6d58cfd5aa18c745bcd53fdfb1b9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1662eafb083d6d58cfd5aa18c745bcd53fdfb1b9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
