[Secure-testing-commits] r55322 - data/CVE

Thu, 31 Aug 2017 08:56:46 -0700 

Author: anarcat
Date: 2017-08-31 15:55:50 +0000 (Thu, 31 Aug 2017)
New Revision: 55322

Modified:
   data/CVE/list
Log:
clarify descriptions of ruby vulnerabilities



Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-08-31 15:37:07 UTC (rev 55321)
+++ data/CVE/list       2017-08-31 15:55:50 UTC (rev 55322)
@@ -36959,7 +36959,7 @@
        RESERVED
 CVE-2017-0903
        RESERVED
-CVE-2017-0902 [DNS issue]
+CVE-2017-0902 [DNS request hijacking vulnerability]
        RESERVED
        - ruby2.3 <unfixed> (bug #873802)
        - ruby2.1 <removed>
@@ -36969,7 +36969,7 @@
        NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
        NOTE: For Ruby 2.3.4: 
https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
        NOTE: For Ruby 2.2.7: 
https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
-CVE-2017-0901 [overwrite any file]
+CVE-2017-0901 [gem installer allows a malicious gem to overwrite arbitrary 
files]
        RESERVED
        - ruby2.3 <unfixed> (bug #873802)
        - ruby2.1 <removed>
@@ -36979,7 +36979,7 @@
        NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
        NOTE: For Ruby 2.3.4: 
https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
        NOTE: For Ruby 2.2.7: 
https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
-CVE-2017-0900 [query command]
+CVE-2017-0900 [DOS vulernerability in the query command]
        RESERVED
        - ruby2.3 <unfixed> (bug #873802)
        - ruby2.1 <removed>
@@ -36989,7 +36989,7 @@
        NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
        NOTE: For Ruby 2.3.4: 
https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
        NOTE: For Ruby 2.2.7: 
https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
-CVE-2017-0899 [ANSI escape issue]
+CVE-2017-0899 [ANSI escape sequence vulnerability]
        RESERVED
        - ruby2.3 <unfixed> (bug #873802)
        - ruby2.1 <removed>


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to