[Git][security-tracker-team/security-tracker][master] jruby is fixed in sid, thanks to Jérôme Charaoui

Sat, 03 Aug 2024 03:04:45 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
151790e8 by Moritz Muehlenhoff at 2024-08-03T12:03:51+02:00
jruby is fixed in sid, thanks to Jérôme Charaoui

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -103819,12 +103819,13 @@ CVE-2023-28756 (A ReDoS issue was discovered in the 
Time component through 0.2.1
        - ruby2.7 <removed>
        - ruby2.5 <removed>
        [experimental] - jruby 9.4.3.0+ds-1~exp1
-       - jruby <unfixed> (bug #1036283)
+       - jruby 9.4.5.0+ds-1 (bug #1036283)
        [bookworm] - jruby <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/ruby/ruby/commit/957bb7cb81995f26c671afce0ee50a5c660e540e 
(v3_1_4)
        NOTE: Fixed by: 
https://github.com/ruby/time/commit/b57db51f577875d3e896dcd2ef1dcaf97f23e943 
(v0.2.2)
        NOTE: Fixed by: 
https://github.com/ruby/time/commit/3dce6f73d14f5fad6d9b302393fd02df48797b11 
(v0.2.2)
        NOTE: 
https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/
+       NOTE: 
https://github.com/jruby/jruby/commit/36637a1b4e434cbb75c8f87be128b7763cedf99d 
(9.4.3.0)
 CVE-2023-28755 (A ReDoS issue was discovered in the URI component through 
0.12.0 in Ru ...)
        {DLA-3447-1 DLA-3408-1}
        - rubygems 3.4.20-1
@@ -103835,12 +103836,13 @@ CVE-2023-28755 (A ReDoS issue was discovered in the 
URI component through 0.12.0
        - ruby2.7 <removed>
        - ruby2.5 <removed>
        [experimental] - jruby 9.4.3.0+ds-1~exp1
-       - jruby <unfixed> (bug #1036283)
+       - jruby 9.4.5.0+ds-1 (bug #1036283)
        [bookworm] - jruby <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/ruby/ruby/commit/8ce4ab146498879b65e22f1be951b25eebb79300 
(v3_1_4)
        NOTE: Fixed by: 
https://github.com/ruby/uri/commit/eaf89cc31619d49e67c64d0b58ea9dc38892d175 
(v0.12.1)
        NOTE: 
https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/
        NOTE: Incomplete fix, cf. CVE-2023-36617
+       NOTE: 
https://github.com/jruby/jruby/commit/7e220403384faef102e838b412b4d1b3a9cfb6ec 
(9.4.3.0)
 CVE-2023-28754 (Deserialization of Untrusted Data vulnerability in Apache 
ShardingSphe ...)
        NOT-FOR-US: Apache ShardingSphere-Agent
 CVE-2023-28753 (netconsd prior to v0.2 was vulnerable to an integer overflow 
in its pa ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/151790e8632af2c9888f4e9f73bcc3c69a292531

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/151790e8632af2c9888f4e9f73bcc3c69a292531
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to