Author: carnil
Date: 2017-10-08 14:49:06 +0000 (Sun, 08 Oct 2017)
New Revision: 56519
Modified:
data/CVE/list
Log:
Add fixing version for ruby2.3 in unstable
The package was proped-up to unstable at 9.2 point release time.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-08 14:32:32 UTC (rev 56518)
+++ data/CVE/list 2017-10-08 14:49:06 UTC (rev 56519)
@@ -2904,7 +2904,7 @@
RESERVED
CVE-2017-14064 (Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through
2.4.1 can ...)
{DSA-3966-1 DLA-1114-1}
- - ruby2.3 <unfixed> (bug #873906)
+ - ruby2.3 2.3.3-1+deb9u1 (bug #873906)
- ruby2.1 <removed>
- ruby1.9.1 <removed>
NOTE: https://bugs.ruby-lang.org/issues/13853
@@ -15474,7 +15474,7 @@
NOT-FOR-US: Synology Photo Station
CVE-2015-9096 (Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command
injection ...)
{DSA-3966-1}
- - ruby2.3 <unfixed> (bug #864860)
+ - ruby2.3 2.3.3-1+deb9u1 (bug #864860)
- ruby2.1 <removed>
[jessie] - ruby2.1 <no-dsa> (Minor issue)
- ruby1.9.1 <removed>
@@ -40614,7 +40614,7 @@
RESERVED
CVE-2017-0902 (RubyGems version 2.6.12 and earlier is vulnerable to a DNS
hijacking ...)
{DSA-3966-1}
- - ruby2.3 <unfixed> (bug #873802)
+ - ruby2.3 2.3.3-1+deb9u1 (bug #873802)
- ruby2.1 <removed>
- ruby1.9.1 <removed>
[wheezy] - ruby1.9.1 <not-affected> (Vulnerable code introduced later)
@@ -40626,7 +40626,7 @@
NOTE: For Ruby 2.2.7:
https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
CVE-2017-0901 (RubyGems version 2.6.12 and earlier fails to validate
specification ...)
{DSA-3966-1 DLA-1114-1 DLA-1112-1}
- - ruby2.3 <unfixed> (bug #873802)
+ - ruby2.3 2.3.3-1+deb9u1 (bug #873802)
- ruby2.1 <removed>
- ruby1.9.1 <removed>
- rubygems <removed>
@@ -40636,7 +40636,7 @@
NOTE: For Ruby 2.2.7:
https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
CVE-2017-0900 (RubyGems version 2.6.12 and earlier is vulnerable to
maliciously ...)
{DSA-3966-1 DLA-1114-1 DLA-1112-1}
- - ruby2.3 <unfixed> (bug #873802)
+ - ruby2.3 2.3.3-1+deb9u1 (bug #873802)
- ruby2.1 <removed>
- ruby1.9.1 <removed>
- rubygems <removed>
@@ -40646,7 +40646,7 @@
NOTE: For Ruby 2.2.7:
https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
CVE-2017-0899 (RubyGems version 2.6.12 and earlier is vulnerable to
maliciously ...)
{DSA-3966-1 DLA-1114-1}
- - ruby2.3 <unfixed> (unimportant; bug #873802)
+ - ruby2.3 2.3.3-1+deb9u1 (unimportant; bug #873802)
- ruby2.1 <removed> (unimportant)
- ruby1.9.1 <removed> (unimportant)
- rubygems <removed> (unimportant)
@@ -48864,7 +48864,7 @@
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/a7bb158b7bedd1449a34432feb3a67c8f1873bfa
CVE-2016-7798 (The openssl gem for Ruby uses the same initialization vector
(IV) in ...)
{DSA-3966-1}
- - ruby2.3 <unfixed> (bug #842432)
+ - ruby2.3 2.3.3-1+deb9u1 (bug #842432)
- ruby2.1 <removed> (bug #842544)
[jessie] - ruby2.1 <no-dsa> (Minor issue)
NOTE: https://github.com/ruby/openssl/issues/49
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
