Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e475358b by Sylvain Beucler at 2023-08-07T20:00:56+02:00
CVE-2023-36617/ruby2.5,jruby: buster postponed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4785,9 +4785,11 @@ CVE-2023-36617 (A ReDoS issue was discovered in the URI
component before 0.12.2
- ruby3.1 <not-affected> (Incomplete fix never applied)
- ruby2.7 <not-affected> (Incomplete fix never applied)
- ruby2.5 <removed>
+ [buster] - ruby2.5 <postponed> (Minor issue, ReDoS)
- jruby <unfixed>
[bookworm] - jruby <not-affected> (Incomplete fix never applied)
[bullseye] - jruby <not-affected> (Incomplete fix never applied)
+ [buster] - jruby <postponed> (Minor issue, ReDoS)
NOTE:
https://www.ruby-lang.org/en/news/2023/06/29/redos-in-uri-CVE-2023-36617/
NOTE:
https://github.com/ruby/uri/commit/9010ee2536adda10a0555ae1ed6fe2f5808e6bf1
NOTE:
https://github.com/ruby/uri/commit/9d7bcef1e6ad23c9c6e4932f297fb737888144c8
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e475358bc65d999e794198822ea24411f562e7b8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e475358bc65d999e794198822ea24411f562e7b8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
