Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2187190d by Ola Lundqvist at 2018-04-09T20:48:37+02:00 Low prio package and low prio vulnerability. In total not worth fixing. - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -5244,6 +5244,7 @@ CVE-2018-7651 (index.js in the ssri module before 5.2.2 for Node.js is prone to NOTE: nodejs not covered by security support CVE-2018-1000119 (Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier ...) - ruby-rack-protection <unfixed> (bug #892250) + [wheezy] - ruby-rack-protection <ignored> (Low prio package and low prio vulnerability according to RedHat) NOTE: https://snyk.io/vuln/SNYK-RUBY-SINATRA-20470 NOTE: https://snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-20395 NOTE: https://github.com/sinatra/sinatra/commit/8aa6c42ef724f93ae309fb7c5668e19ad547eceb ===================================== data/dla-needed.txt ===================================== --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -83,8 +83,6 @@ qemu -- qemu-kvm -- -ruby-rack-protection --- ruby1.9.1 (Santiago R.R.) NOTE: 20180402: Also vulnerable to CVE-2018-1000074. (lamby) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2187190d75955a7389479ac17bc93e4ca39e3976 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2187190d75955a7389479ac17bc93e4ca39e3976 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits