Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cfa9c6ea by Moritz Muehlenhoff at 2021-12-13T08:59:56+01:00
ruby2.7 fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -10839,7 +10839,7 @@ CVE-2021-41820
CVE-2021-41819 [Cookie Prefix Spoofing in CGI::Cookie.parse]
RESERVED
- ruby3.0 <unfixed>
- - ruby2.7 <unfixed>
+ - ruby2.7 2.7.5-1
- ruby2.5 <removed>
- ruby2.3 <removed>
NOTE: Fixed in Ruby 3.0.3, 2.7.5, 2.6.9
@@ -10850,7 +10850,7 @@ CVE-2021-41818
CVE-2021-41817 [Regular Expression Denial of Service Vulnerability of Date
Parsing Methods]
RESERVED
- ruby3.0 <unfixed>
- - ruby2.7 <unfixed>
+ - ruby2.7 2.7.5-1
- ruby2.5 <removed>
- ruby2.3 <removed>
NOTE: Fixed in Ruby 3.0.3, 2.7.5, 2.6.9
@@ -10862,7 +10862,7 @@ CVE-2021-41817 [Regular Expression Denial of Service
Vulnerability of Date Parsi
CVE-2021-41816 [Buffer Overrun in CGI.escape_html]
RESERVED
- ruby3.0 <unfixed>
- - ruby2.7 <unfixed>
+ - ruby2.7 2.7.5-1
- ruby2.5 <not-affected> (Vulnerable code introduced later)
- ruby2.3 <not-affected> (Vulnerable code introduced later)
NOTE: Fixed in Ruby 3.0.3, 2.7.5
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cfa9c6eab1e91173db09d42f3e85e2e23a1cf484
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cfa9c6eab1e91173db09d42f3e85e2e23a1cf484
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
