Re: CVE-2023-33460, ruby-yajl affected?

2023-07-05 Thread Anton Gladky
Thanks all for the discussion. @Tobias, thanks for marking the CVE in the list. Best regards, Anton On Wed, 5 July 2023 at 17:56, Tobias Frost wrote: > On Wed, Jul 05, 2023 at 09:06:15AM +, Bastien Roucariès wrote: > > On Wednesday, 5 July 2023, 04:52:48 UTC, Anton Gladky wrote:

[SECURITY] [DSA 5448-1] linux security update

2023-07-05 Thread Salvatore Bonaccorso
Debian Security Advisory DSA-5448-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso July 05, 2023

[SECURITY] [DSA 5447-1] mediawiki security update

2023-07-05 Thread Moritz Muehlenhoff
Debian Security Advisory DSA-5447-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff July 05, 2023

Re: CVE-2023-33460, ruby-yajl affected?

2023-07-05 Thread Tobias Frost
On Wed, Jul 05, 2023 at 09:06:15AM +, Bastien Roucariès wrote: > On Wednesday, 5 July 2023, 04:52:48 UTC, Anton Gladky wrote: > > Hello, > > > > I am looking into CVE-2023-33460 and I am not sure that ruby-yajl > > is affected. There is no direct dependency on yajl, where the vulnerability

Re: CVE-2023-33460, ruby-yajl affected?

2023-07-05 Thread Bastien Roucariès
On Wednesday, 5 July 2023, 04:52:48 UTC, Anton Gladky wrote: > Hello, > > I am looking into CVE-2023-33460 and I am not sure that ruby-yajl > is affected. There is no direct dependency on yajl, where the vulnerability > was detected. ruby-yajl includes an old version of yajl 1.01.12. The vuln

External check

2023-07-05 Thread Security Tracker
CVE-2020-23064: TODO: check
CVE-2021-45985: missing from list
CVE-2021-46059: missing from list
CVE-2021-46141: missing from list
CVE-2023-24535: TODO: check
CVE-2023-3117: TODO: check in https://bugzilla.redhat.com/show_bug.cgi?id=2213260, duplicate of CVE-2023-3390
CVE-2023-3255: missing from