Author: carnil Date: 2017-09-15 21:33:06 +0000 (Fri, 15 Sep 2017) New Revision: 55804
Modified: data/CVE/list Log: Add CVE-2017-0898/ruby issue Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-09-15 21:29:25 UTC (rev 55803) +++ data/CVE/list 2017-09-15 21:33:06 UTC (rev 55804) @@ -38675,7 +38675,12 @@ NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch NOTE: Not considered a vulnerability per se, if this affects a terminal emulator it's a bug there CVE-2017-0898 (Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a leakage of its ...) - TODO: check + - ruby2.3 <unfixed> + - ruby2.1 <removed> + - ruby1.9.1 <removed> + - ruby1.8 <removed> + NOTE: https://github.com/mruby/mruby/issues/3722 + NOTE: https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/ CVE-2017-0897 (ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create ...) NOT-FOR-US: ExpressionEngine CVE-2017-0896 (Zulip Server 1.5.1 and below suffer from an error in the ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits