Source: ruby-fugit
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for ruby-fugit.
CVE-2024-43380[0]:
| fugit contains time tools for flor and the floraison group. The
| fugit "natural" parser, that turns "every wednesday at
Source: ruby-devise-two-factor
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for ruby-devise-two-factor.
CVE-2024-8796[0]:
| Under the default configuration, Devise-Two-Factor versions >= 2.2.0
| & < 6.0.0 generate TOTP sh
Source: puma
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for puma.
CVE-2024-45614[0]:
| Puma is a Ruby/Rack web server built for parallelism. In affected
| versions clients could clobber values set by intermediate proxies
|
Source: ruby3.2
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for ruby3.2.
CVE-2024-35176[0]:
| REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a
| denial of service vulnerability when it parses an XML tha
Source: ruby3.1
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for ruby3.1.
CVE-2024-35176[0]:
| REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a
| denial of service vulnerability when it parses an XML tha
Source: ruby-rack
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for ruby-rack.
CVE-2024-26141[0]:
Reject Range headers which are too large
https://github.com/rack/rack/releases/tag/v2.2.8.1
https://github.com/rack/rack/comm
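The fix named above is a bounds check before parsing. The following is an added example in Ruby, not Rack's own code: a byte-range parser that refuses an oversized header up front, so a client cannot force the server to allocate one Range object per comma. The two caps (MAX_RANGE_HEADER_BYTES and MAX_RANGES) are assumptions chosen for illustration, not the limits Rack applies.

```ruby
# Added example, not Rack's code. Parses an HTTP Range header the way a
# static-file handler needs to, but rejects oversized headers before any
# per-range work is done.
MAX_RANGE_HEADER_BYTES = 1024 # assumption: cap chosen for illustration
MAX_RANGES = 20               # assumption: cap chosen for illustration

# Returns nil for a missing or malformed header (serve the whole file),
# [] when every range is unsatisfiable (416), else an Array of Ranges.
def byte_ranges(header, size)
  return nil if header.nil?
  # Reject before parsing: a multi-megabyte header is never inspected.
  return nil if header.bytesize > MAX_RANGE_HEADER_BYTES
  return nil unless header.start_with?("bytes=")

  # Limit the split so at most MAX_RANGES + 2 fields are ever created,
  # then refuse the request if the count is over the cap.
  specs = header.delete_prefix("bytes=").split(",", MAX_RANGES + 2)
  return nil if specs.empty? || specs.size > MAX_RANGES

  ranges = []
  specs.each do |spec|
    m = spec.strip.match(/\A(\d*)-(\d*)\z/)
    return nil unless m
    first, last = m[1], m[2]
    if first.empty?
      # suffix-byte-range-spec: "-500" means the last 500 bytes
      return nil if last.empty?
      suffix = last.to_i
      next if suffix.zero?
      ranges << ([size - suffix, 0].max..size - 1)
    else
      f = first.to_i
      l = last.empty? ? size - 1 : [last.to_i, size - 1].min
      next if f > l # unsatisfiable for this file size
      ranges << (f..l)
    end
  end
  ranges
end
```

The order matters: the length check runs before `split`, and `split` itself is limited, so the cost of a hostile header is bounded by the caps rather than by the header the client chose to send.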
Source: ruby-sidekiq
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for ruby-sidekiq.
CVE-2023-26141[0]:
| Versions of the package sidekiq before 7.1.3 are vulnerable to
| Denial of Service (DoS) due to insufficient checks in t
Source: ruby-sanitize
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for ruby-sanitize.
CVE-2023-36823[0]:
| Sanitize is an allowlist-based HTML and CSS sanitizer. Using
| carefully crafted input, an attacker may be able to sne
Source: ruby-commonmarker
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for ruby-commonmarker.
CVE-2023-37463[0]:
| cmark-gfm is an extended version of the C reference implementation
| of CommonMark, a rationalized version
Source: ruby-doorkeeper
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for ruby-doorkeeper.
CVE-2023-34246[0]:
| Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior
| to version 5.6.6, Doorkeeper automaticall
Source: ruby-commonmarker
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for ruby-commonmarker.
CVE-2022-39209[0]:
| cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and
| rendering library and program in C. In ver
Source: ruby-commonmarker
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for ruby-commonmarker.
CVE-2023-26485[0]:
| cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and
| rendering library and program in C. A p
Source: ruby-commonmarker
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for ruby-commonmarker.
CVE-2023-22483[0]:
| cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and
| rendering library and program in C. Ver
On Fri, Feb 26, 2021 at 05:29:07PM +0100, Moritz Muehlenhoff wrote:
> Source: open-build-service
> Severity: important
> Tags: security
> X-Debbugs-Cc: Debian Security Team
>
> CVE-2020-8020:
> https://bugzilla.suse.com/show_bug.cgi?id=1171439
> https://github.com/openSUSE/open-build-service/com
Source: rails
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for rails.
CVE-2023-22796[0]:
https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116
https://g
Source: ruby-sanitize
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for ruby-sanitize.
CVE-2023-23627[0]:
| Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0
| and later, prior to 6.0.1, are vulnerable
Source: ruby-rails-html-sanitizer
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for ruby-rails-html-sanitizer.
CVE-2022-23517[0]:
| rails-html-sanitizer is responsible for sanitizing HTML fragments in
| Rails applications.
Source: redmine
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for redmine.
CVE-2022-44030[0]:
| Redmine 5.x before 5.0.4 allows downloading of file attachments of any
| Issue or any Wiki page due to insufficient permission
Source: rails
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for rails.
CVE-2022-2[0]:
| An XSS Vulnerability in Action View tag helpers >= 5.2.0 and <
| 5.2.0 which would allow an attacker to inject content if able to
| con
Source: rails
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for rails.
CVE-2022-32224[0]:
https://github.com/advisories/GHSA-3hhc-qp5v-9p2j
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnera
Source: ruby-mechanize
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for ruby-mechanize.
CVE-2022-31033[0]:
| The Mechanize library is used for automating interaction with
| websites. Mechanize automatically stores and sen
Source: ruby-jmespath
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for ruby-jmespath.
CVE-2022-32511[0]:
| jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a
| situation where JSON.parse is preferable.
http
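Why JSON.parse is preferable to JSON.load on untrusted input, as an added example in Ruby that is not jmespath.rb's code: JSON.load is a deserializer, and with create_additions enabled it resolves the "json_class" key to a constant and calls that class's json_create hook. The AuditEvent class and the UNTRUSTED document are constructed for the demonstration; create_additions is passed explicitly so the result does not depend on which json gem default is installed (older gems enabled it implicitly for JSON.load, newer ones warn).

```ruby
require "json"

# Constructed stand-in for any class already loaded in the process that
# implements json_create (the json gem ships such hooks for Date, Time,
# Range, Struct, ... under json/add/*). Not part of jmespath.rb.
class AuditEvent
  attr_reader :action
  def initialize(action)
    @action = action
  end

  # The hook JSON.load calls when create_additions is on
  def self.json_create(h)
    new(h["action"])
  end
end

# Constructed attacker-controlled input: "json_class" selects the class
# to instantiate, the remaining keys are handed to its json_create.
UNTRUSTED = '{"json_class":"AuditEvent","action":"rm -rf /"}'

# Vulnerable pattern: the caller wanted data, JSON.load gave it objects.
# create_additions is explicit here so the behaviour is deterministic.
def load_untrusted(doc)
  JSON.load(doc, nil, create_additions: true)
end

# Fixed pattern: JSON.parse never instantiates objects; "json_class" is
# just another string key in the returned Hash.
def parse_untrusted(doc)
  JSON.parse(doc)
end
```

Running load_untrusted on UNTRUSTED yields an AuditEvent instance the caller never asked for; parse_untrusted yields a plain Hash. The same applies to any class reachable by name in the process, which is why the fix is to switch the call rather than to filter class names.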
Source: ruby-yajl
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for ruby-yajl.
CVE-2022-24795[0]:
| yajl-ruby is a C binding to the YAJL JSON parsing and generation
| library. The 1.x branch and the 2.x branch of `yajl` contai
Source: ruby-kubeclient
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for ruby-kubeclient.
CVE-2022-0759[0]:
| A flaw was found in all versions of kubeclient up to (but not
| including) v4.9.3, the Ruby client for Kubernetes R
Source: ruby-sinatra
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for ruby-sinatra.
CVE-2022-29970[0]:
| Sinatra before 2.2.0 does not validate that the expanded path matches
| public_dir when serving static files.
https://g
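The check the advisory describes, as an added example in Ruby that is not Sinatra's code: resolve the request path against public_dir, then compare the expanded result against the expanded root before touching the filesystem. The percent-decoder and the "~" guard are constructed for the example; a framework would decode with its own URI parser.

```ruby
require "tmpdir"

# Added example, not Sinatra's code. Map a request path onto public_dir and
# refuse anything whose *expanded* form leaves that directory.
def safe_static_path(public_dir, request_path)
  root = File.expand_path(public_dir)
  # Minimal percent-decoding (constructed here) so "%2e%2e" is seen as ".."
  # before the containment check, not after it.
  decoded = request_path.b.gsub(/%([0-9A-Fa-f]{2})/) { $1.hex.chr }
                        .force_encoding(Encoding::UTF_8)
  return nil if decoded.include?("\0")
  # Strip leading slashes so expand_path treats the path as relative to
  # root; a leading "~" would otherwise expand to a home directory.
  rel = decoded.sub(%r{\A/+}, "")
  return nil if rel.start_with?("~")
  candidate = File.expand_path(rel, root)
  # The containment check: equal to root, or strictly inside it. A bare
  # prefix test would let "/srv/public_html" pass for root "/srv/public".
  inside = candidate == root || candidate.start_with?(root + File::SEPARATOR)
  return nil unless inside
  return nil unless File.file?(candidate)
  candidate
end

if $PROGRAM_NAME == __FILE__
  Dir.mktmpdir do |dir|
    pub = File.join(dir, "public")
    Dir.mkdir(pub)
    File.write(File.join(pub, "index.html"), "<h1>hi</h1>")
    File.write(File.join(dir, "secret.txt"), "not served")
    ["/index.html", "/../secret.txt", "/%2e%2e/secret.txt", "/etc/passwd"].each do |p|
      puts "#{p.ljust(22)} -> #{safe_static_path(pub, p).inspect}"
    end
  end
end
```

Note that the comparison is made on the expanded candidate, so "..", repeated slashes and encoded dots all collapse before the check; it does not resolve symlinks, so a symlink inside public_dir pointing outside it still needs a separate policy.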
Source: ruby2.7
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for ruby2.7.
CVE-2021-31799[0]:
A command injection vulnerability in RDoc
https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/
https://git
Source: redmine
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for redmine.
CVE-2021-31863[0]:
| Insufficient input validation in the Git repository integration of
| Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before
Source: ruby-addressable
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for ruby-addressable.
CVE-2021-32740[0]:
| Addressable is an alternative implementation to the URI implementation
| that is part of Ruby's standard library
On Sat, Feb 02, 2019 at 01:22:47AM +0900, Youhei SASAKI wrote:
> Hi,
>
> Thanks to ping. I'll try it this weekend.
ping :-)
Cheers,
Moritz
___
Pkg-ruby-extras-maintainers mailing list
Pkg-ruby-extras-maintainers@alioth-lists.debian.net
https:/
On Sat, Oct 29, 2016 at 09:27:25PM +0200, Salvatore Bonaccorso wrote:
> Package: bundler
> Version: 1.7.4-1
> Severity: important
> Tags: security upstream
>
> Hi,
>
> the following vulnerability was published for bundler.
>
> CVE-2016-7954[0]:
> code execution via gem name collision in bundler
On Mon, Dec 03, 2018 at 04:19:44PM +, Youhei SASAKI wrote:
> Control: tag -1 pending
>
> Hello,
>
> Bug #909933 in jekyll reported by you has been fixed in the
> Git repository and is awaiting an upload. You can see the commit
> message below and you can check the diff of the fix at:
>
> htt
On Mon, Dec 03, 2018 at 11:43:24AM +0100, Didier 'OdyX' Raboud wrote:
> > Please revert that one. We don't want more dependencies on
> > libssl1.0-dev. We want it actually out of testing and are down to one
> > package.
>
> Which one?
kde4libs, see #913959.
Cheers,
Moritz
On Fri, Oct 26, 2018 at 03:24:27PM +0800, Andrew Lee (李健秋) wrote:
> * CVE-2018-12466 probably not affected:
> - This pointed to the same commit in upstream github. And the url
> provided on the CVE listed vulnerable products that doesn't
> contains OBS 2.7.x:
> https://www.securityfoc