Author: jmm
Date: 2015-08-21 12:36:22 +0000 (Fri, 21 Aug 2015)
New Revision: 36245
Modified:
data/CVE/list
Log:
haskell-tls bug
ruby2.2 n/a
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-08-21 12:24:04 UTC (rev 36244)
+++ data/CVE/list 2015-08-21 12:36:22 UTC (rev 36245)
@@ -11450,17 +11450,14 @@
- ruby1.9.1 <removed>
- ruby2.0 <removed>
- ruby2.1 <unfixed>
- - ruby2.2 <unfixed>
+ - ruby2.2 <not-affected> (DL has been removed in 2.2)
NOTE:
https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b
NOTE: Although the is upstream commit mentioned, the corresponding
change does not
NOTE: seem to be contained in e.g. latest 1.9.1 and 2.1. E.g.
NOTE:
https://sources.debian.net/src/ruby2.1/2.1.5-4/ext/dl/handle.c/#L120 does not
NOTE: contain the change.
NOTE: In
https://github.com/ruby/ruby/commit/07308c4d30b8c5260e5366c8eed2abf054d86fe7
- NOTE: DL was replaced by Fiddle but the problem might still be present
there (un-
- NOTE: checked)
NOTE: Discussion http://seclists.org/oss-sec/2015/q3/220
- TODO: check
CVE-2009-5146 [memory leak in hostname TLS extension]
RESERVED
- openssl 0.9.8k-1
@@ -63566,7 +63563,7 @@
[squeeze] - gnutls26 <no-dsa> (Too intrusive to backport)
- gnutls28 3.0.22-3
- cyassl 2.9.4+dfsg-1
- - haskell-tls <unfixed>
+ - haskell-tls <unfixed> (bug #796342)
[wheezy] - haskell-tls <no-dsa> (Minor issue)
[jessie] - haskell-tls <no-dsa> (Minor issue)
- matrixssl <removed> (low)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
