[Git][security-tracker-team/security-tracker][master] Remove no-dsa/postponed tagged entries for ruby2.1 which got update in DLA-1421-1

Fri, 13 Jul 2018 11:56:32 -0700 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0815b33b by Salvatore Bonaccorso at 2018-07-13T20:55:36+02:00
Remove no-dsa/postponed tagged entries for ruby2.1 which got update in 
DLA-1421-1

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -28451,7 +28451,6 @@ CVE-2017-17790 (The lazy_initialize function in 
lib/resolv.rb in Ruby through 2.
        - ruby2.3 <removed> (bug #884879)
        [stretch] - ruby2.3 <postponed> (Minor issue, can be fixed along in 
future DSA)
        - ruby2.1 <removed>
-       [jessie] - ruby2.1 <postponed> (Minor issue, can be fixed along in 
future DSA)
        - ruby1.9.1 <removed>
        - ruby1.8 <removed>
        NOTE: https://github.com/ruby/ruby/pull/1777
@@ -61064,7 +61063,6 @@ CVE-2015-9096 (Net::SMTP in Ruby before 2.4.0 is 
vulnerable to SMTP command inje
        {DSA-3966-1}
        - ruby2.3 2.3.3-1+deb9u1 (bug #864860)
        - ruby2.1 <removed>
-       [jessie] - ruby2.1 <no-dsa> (Minor issue)
        - ruby1.9.1 <removed>
        [wheezy] - ruby1.9.1 <no-dsa> (Minor issue, Net::SMTP users should 
validate data they send too)
        - ruby1.8 <removed>
@@ -94830,7 +94828,6 @@ CVE-2016-7798 (The openssl gem for Ruby uses the same 
initialization vector (IV)
        {DSA-3966-1}
        - ruby2.3 2.3.3-1+deb9u1 (bug #842432)
        - ruby2.1 <removed> (bug #842544)
-       [jessie] - ruby2.1 <no-dsa> (Minor issue)
        NOTE: https://github.com/ruby/openssl/issues/49
        NOTE: 
https://github.com/ruby/openssl/commit/8108e0a6db133f3375608303fdd2083eb5115062
        - ruby-attr-encrypted 3.0.1-2
@@ -112278,7 +112275,6 @@ CVE-2016-2340 (The AMF framework in Granite Data 
Services 3.1.1-SNAPSHOT allows 
 CVE-2016-2339 (An exploitable heap overflow vulnerability exists in the ...)
        - ruby2.3 2.3.0-1
        - ruby2.1 <removed> (bug #851161)
-       [jessie] - ruby2.1 <no-dsa> (Minor issue)
        NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0034/
        NOTE: Fixed by: 
https://github.com/ruby/ruby/commit/bcc2421b4938fc1d9f5f3fb6ef2320571b27af42
        NOTE: Fixed by: 
https://github.com/ruby/ruby/commit/de577357e80fa15f5cf13a81aa3decc783ea929e



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0815b33b245370cdf7ce07a6a3e3909d1c5a1b8c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0815b33b245370cdf7ce07a6a3e3909d1c5a1b8c
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to