Author: anarcat Date: 2017-08-31 15:55:50 +0000 (Thu, 31 Aug 2017) New Revision: 55322
Modified: data/CVE/list Log: clarify descriptions of ruby vulnerabilities Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-08-31 15:37:07 UTC (rev 55321) +++ data/CVE/list 2017-08-31 15:55:50 UTC (rev 55322) @@ -36959,7 +36959,7 @@ RESERVED CVE-2017-0903 RESERVED -CVE-2017-0902 [DNS issue] +CVE-2017-0902 [DNS request hijacking vulnerability] RESERVED - ruby2.3 <unfixed> (bug #873802) - ruby2.1 <removed> @@ -36969,7 +36969,7 @@ NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch -CVE-2017-0901 [overwrite any file] +CVE-2017-0901 [gem installer allows a malicious gem to overwrite arbitrary files] RESERVED - ruby2.3 <unfixed> (bug #873802) - ruby2.1 <removed> @@ -36979,7 +36979,7 @@ NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch -CVE-2017-0900 [query command] +CVE-2017-0900 [DOS vulernerability in the query command] RESERVED - ruby2.3 <unfixed> (bug #873802) - ruby2.1 <removed> @@ -36989,7 +36989,7 @@ NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch -CVE-2017-0899 [ANSI escape issue] +CVE-2017-0899 [ANSI escape sequence vulnerability] RESERVED - ruby2.3 <unfixed> (bug #873802) - ruby2.1 <removed> _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits