Author: carnil
Date: 2017-01-11 06:23:21 +0000 (Wed, 11 Jan 2017)
New Revision: 47897
Modified: data/CVE/list Log: Add CVE-2016-2337 Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-01-11 06:17:08 UTC (rev 47896) +++ data/CVE/list 2017-01-11 06:23:21 UTC (rev 47897) @@ -35738,7 +35738,10 @@ CVE-2016-2338 RESERVED CVE-2016-2337 (Type confusion exists in _cancel_eval Ruby's TclTkIp class method. ...) - TODO: check + - ruby2.3 <unfixed> + - ruby2.1 <removed> + NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0031/ + TODO: check, might not be exploitable in jessie with ruby2.1, since requires cancel_eval which is supported in Tcl/Tk8.6 or later. CVE-2016-2336 (Type confusion exists in two methods of Ruby's WIN32OLE class, ...) - ruby2.3 <unfixed> (unimportant) - ruby2.1 <removed> (unimportant) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
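Review bot: The TODO line added under CVE-2016-2337 records the jessie question only as a guess ("might not be exploitable in jessie with ruby2.1") rather than as a status. Once it is confirmed which Tcl/Tk version jessie's ruby2.1 is built against, replace the TODO with an explicit jessie entry for ruby2.1 that states the reason (cancel_eval needs Tcl/Tk 8.6 or later), so the entry no longer depends on an open TODO. The new ruby2.3 line is also plain `<unfixed>` while the neighbouring CVE-2016-2336 entry is marked (unimportant); if the difference in severity is intentional, a short NOTE saying why would help the next person triaging this entry.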