Ola Lundqvist pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2187190d by Ola Lundqvist at 2018-04-09T20:48:37+02:00
Low prio package and low prio vulnerability. In total not worth fixing.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5244,6 +5244,7 @@ CVE-2018-7651 (index.js in the ssri module before 5.2.2
for Node.js is prone to
NOTE: nodejs not covered by security support
CVE-2018-1000119 (Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and
earlier ...)
- ruby-rack-protection <unfixed> (bug #892250)
+ [wheezy] - ruby-rack-protection <ignored> (Low prio package and low
prio vulnerability according to RedHat)
NOTE: https://snyk.io/vuln/SNYK-RUBY-SINATRA-20470
NOTE: https://snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-20395
NOTE:
https://github.com/sinatra/sinatra/commit/8aa6c42ef724f93ae309fb7c5668e19ad547eceb
=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -83,8 +83,6 @@ qemu
--
qemu-kvm
--
-ruby-rack-protection
---
ruby1.9.1 (Santiago R.R.)
NOTE: 20180402: Also vulnerable to CVE-2018-1000074. (lamby)
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2187190d75955a7389479ac17bc93e4ca39e3976
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2187190d75955a7389479ac17bc93e4ca39e3976
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
