Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c5ee3fa8 by Salvatore Bonaccorso at 2022-12-04T10:37:03+01:00
Track fixed version for jruby issues via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -113456,7 +113456,7 @@ CVE-2021-32066 (An issue was discovered in Ruby
through 2.6.7, 2.7.x through 2.7
- ruby2.7 2.7.4-1 (bug #990815)
- ruby2.5 <removed>
- ruby2.3 <removed>
- - jruby <unfixed> (bug #1014818)
+ - jruby 9.3.9.0+ds-1 (bug #1014818)
[buster] - jruby <no-dsa> (Minor issue)
[stretch] - jruby <no-dsa> (Minor issue)
NOTE:
https://www.ruby-lang.org/en/news/2021/07/07/starttls-stripping-in-net-imap/
@@ -114385,7 +114385,7 @@ CVE-2021-31810 (An issue was discovered in Ruby
through 2.6.7, 2.7.x through 2.7
- ruby2.7 2.7.4-1 (bug #990815)
- ruby2.5 <removed>
- ruby2.3 <removed>
- - jruby <unfixed> (bug #1014818)
+ - jruby 9.3.9.0+ds-1 (bug #1014818)
[buster] - jruby <no-dsa> (Minor issue)
[stretch] - jruby <no-dsa> (Minor issue)
NOTE:
https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/
@@ -162175,7 +162175,7 @@ CVE-2020-25613 (An issue was discovered in Ruby
through 2.5.8, 2.6.x through 2.6
- ruby2.5 <removed>
[buster] - ruby2.5 2.5.5-3+deb10u3
- ruby2.3 <removed>
- - jruby <unfixed> (bug #972230)
+ - jruby 9.3.9.0+ds-1 (bug #972230)
[buster] - jruby <no-dsa> (Minor issue)
NOTE:
https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/
NOTE: Fix in webrick:
https://github.com/ruby/webrick/commit/8946bb38b4d87549f0d99ed73c62c41933f97cc7
@@ -235204,7 +235204,7 @@ CVE-2019-16255 (Ruby through 2.4.7, 2.5.x through
2.5.6, and 2.6.x through 2.6.4
- ruby2.5 2.5.7-1
- ruby2.3 <removed>
- ruby2.1 <removed>
- - jruby <unfixed> (bug #972230)
+ - jruby 9.3.9.0+ds-1 (bug #972230)
[buster] - jruby <no-dsa> (Minor issue)
NOTE:
https://www.ruby-lang.org/en/news/2019/10/01/code-injection-shell-test-cve-2019-16255/
NOTE: ruby2.5:
https://github.com/ruby/ruby/commit/3af01ae1101e0b8815ae5a106be64b0e82a58640
@@ -235213,7 +235213,7 @@ CVE-2019-16254 (Ruby through 2.4.7, 2.5.x through
2.5.6, and 2.6.x through 2.6.4
- ruby2.5 2.5.7-1
- ruby2.3 <removed>
- ruby2.1 <removed>
- - jruby <unfixed> (bug #972230)
+ - jruby 9.3.9.0+ds-1 (bug #972230)
[buster] - jruby <no-dsa> (Minor issue)
NOTE:
https://github.com/ruby/ruby/commit/3ce238b5f9795581eb84114dcfbdf4aa086bfecc
NOTE: https://hackerone.com/reports/331984
@@ -235405,7 +235405,7 @@ CVE-2019-16201 (WEBrick::HTTPAuth::DigestAuth in Ruby
through 2.4.7, 2.5.x throu
- ruby2.5 2.5.7-1
- ruby2.3 <removed>
- ruby2.1 <removed>
- - jruby <unfixed> (bug #972230)
+ - jruby 9.3.9.0+ds-1 (bug #972230)
[buster] - jruby <no-dsa> (Minor issue)
NOTE:
https://github.com/ruby/ruby/commit/36e057e26ef2104bc2349799d6c52d22bb1c7d03
NOTE: https://hackerone.com/reports/661722
@@ -328296,7 +328296,7 @@ CVE-2017-17743 (Improper input sanitization within
the restricted administration
NOT-FOR-US: UCOPIA Wireless Appliance
CVE-2017-17742 (Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4,
2.5.x befo ...)
{DSA-4259-1 DLA-2330-1 DLA-2027-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
- - jruby <unfixed> (bug #972230)
+ - jruby 9.3.9.0+ds-1 (bug #972230)
[buster] - jruby <no-dsa> (Minor issue)
- ruby2.5 2.5.1-1
- ruby2.3 <removed>
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5ee3fa81874bb13bc0781a747927ffc27a4e98a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5ee3fa81874bb13bc0781a747927ffc27a4e98a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
