Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
40861f21 by Salvatore Bonaccorso at 2024-07-04T22:24:16+02:00
Add CVE-2024-39316/ruby-rack
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -307,7 +307,11 @@ CVE-2024-39891 (In the Twilio Authy API, accessed by Authy
Android before 25.1.0
CVE-2024-39323 (aimeos/ai-admin-graphql is the Aimeos GraphQL API admin
interface. Sta ...)
NOT-FOR-US: Aimeos GraphQL API admin interface
CVE-2024-39316 (Rack is a modular Ruby web server interface. Starting in
version 3.1.0 ...)
- TODO: check
+ - ruby-rack <not-affected> (vulnerable code not present)
+ NOTE:
https://github.com/rack/rack/security/advisories/GHSA-cj83-2ww7-mvq7
+ NOTE: Fixed by:
https://github.com/rack/rack/commit/412c980450ca729ee37f90a2661f166a9665e058
(v3.1.5)
+ NOTE: Issue exists because fix for CVE-2024-26146 was not applied to
the main branch
+ NOTE: and was left unfixed in the 3.1.y series until 3.1.5.
CVE-2024-39315 (Pomerium is an identity and context-aware access proxy. Prior
to versi ...)
NOT-FOR-US: Pomerium
CVE-2024-39206 (An issue discovered in MSP360 Backup Agent v7.8.5.15 and
v7.9.4.84 all ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40861f211da392abc2b0cb2fc1f0b4c67e3806d6
--
This project does not include diff previews in email notifications.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40861f211da392abc2b0cb2fc1f0b4c67e3806d6
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
