Author: carnil
Date: 2017-09-15 21:33:06 +0000 (Fri, 15 Sep 2017)
New Revision: 55804

Modified:
   data/CVE/list
Log:
Add CVE-2017-0898/ruby issue

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-09-15 21:29:25 UTC (rev 55803)
+++ data/CVE/list       2017-09-15 21:33:06 UTC (rev 55804)
@@ -38675,7 +38675,12 @@
        NOTE: For Ruby 2.2.7: 
https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
        NOTE: Not considered a vulnerability per se, if this affects a terminal 
emulator it's a bug there
 CVE-2017-0898 (Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a leakage 
of its ...)
-       TODO: check
+       - ruby2.3 <unfixed>
+       - ruby2.1 <removed>
+       - ruby1.9.1 <removed>
+       - ruby1.8 <removed>
+       NOTE: https://github.com/mruby/mruby/issues/3722
+       NOTE: 
https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/
 CVE-2017-0897 (ExpressionEngine version 2.x &lt; 2.11.8 and version 3.x &lt; 
3.5.5 create ...)
        NOT-FOR-US: ExpressionEngine
 CVE-2017-0896 (Zulip Server 1.5.1 and below suffer from an error in the ...)
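Review bot: The first added NOTE under CVE-2017-0898 links to mruby/mruby issue 3722, but the package lines above it cover only ruby2.3, ruby2.1, ruby1.9.1 and ruby1.8, so it is unclear whether mruby is meant to be tracked under this CVE. Either add a package line for mruby with its status or extend the NOTE to say why the issue is referenced. The ruby2.3 line is marked <unfixed> with no bug reference or pointer to the upstream fix; a NOTE with the fixing commit or the Debian bug number would make the entry easier to follow up once 2.3.5 is uploaded.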


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
