Author: carnil
Date: 2015-08-12 17:48:07 +0000 (Wed, 12 Aug 2015)
New Revision: 36021

Modified:
   data/CVE/list
Log:
Add more note for CVE-2009-5147/ruby*

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-08-12 17:21:48 UTC (rev 36020)
+++ data/CVE/list       2015-08-12 17:48:07 UTC (rev 36021)
@@ -10217,6 +10217,9 @@
        NOTE: seem to be contained in e.g. latest 1.9.1 and 2.1. E.g.
        NOTE: 
https://sources.debian.net/src/ruby2.1/2.1.5-4/ext/dl/handle.c/#L120 does
        NOTE: contain the change.
+       NOTE: In 
https://github.com/ruby/ruby/commit/07308c4d30b8c5260e5366c8eed2abf054d86fe7
+       NOTE: DL was replaced by Fiddle but the problem might still be present 
there (un-
+       NOTE: checked)
        NOTE: Discussion http://seclists.org/oss-sec/2015/q3/220
        TODO: check
 CVE-2009-5146 [memory leak in hostname TLS extension]


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to