Santiago R.R. pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2fca27b8 by Santiago R.R at 2018-04-04T23:23:02+02:00 Notes/fixed by for ruby's issues: CVE-2018-6914 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 Signed-off-by: Santiago R.R <santiag...@riseup.net> - - - - - fae6a38a by Santiago R.R at 2018-04-04T23:23:44+02:00 Merge remote-tracking branch 'refs/remotes/origin/master' - - - - - a1bf3923 by Santiago R.R at 2018-04-04T23:24:39+02:00 Merge remote-tracking branch 'refs/remotes/origin/master' - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1304,18 +1304,26 @@ CVE-2018-8780 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2. - ruby2.1 <removed> - ruby1.9.1 <removed> NOTE: https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/ + NOTE: https://hackerone.com/reports/302338 + NOTE: Fixed by: https://github.com/ruby/ruby/commit/bd5661a3cbb38a8c3a3ea10cd76c88bbef7871b8 + NOTE: Fixed by: https://github.com/ruby/ruby/commit/143eb22f1877815dd802f7928959c5f93d4c7bb3 (2.2.10) CVE-2018-8779 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...) - ruby2.5 2.5.1-1 - ruby2.3 <unfixed> - ruby2.1 <removed> - ruby1.9.1 <removed> NOTE: https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/ + NOTE: https://hackerone.com/reports/302997 + NOTE: Fixed by: https://github.com/ruby/ruby/commit/8794dec6a5f11adc5cdd19a5ee91ea6b0816763f + NOTE: Fixed by: https://github.com/ruby/ruby/commit/47165eed264d357e78e27371cfef20d5c2bde5d9 (2.2.10) CVE-2018-8778 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...) - ruby2.5 2.5.1-1 - ruby2.3 <unfixed> - ruby2.1 <removed> - ruby1.9.1 <removed> NOTE: https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/ + NOTE: https://hackerone.com/reports/298246 + NOTE: Fixed by: https://github.com/ruby/ruby/commit/4cd92d7b13002161a3452a0fe278b877901a8859 (2.2.10) CVE-2018-8777 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...) - ruby2.5 2.5.1-1 - ruby2.3 <unfixed> @@ -6367,6 +6375,9 @@ CVE-2018-6914 (Directory traversal vulnerability in the Dir.mktmpdir method in t - ruby2.1 <removed> - ruby1.9.1 <removed> NOTE: https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/ + NOTE: https://hackerone.com/reports/302298 + NOTE: Fixed by: https://github.com/ruby/ruby/commit/10b96900b90914b0cc1dba36f9736c038db2859d + NOTE: Fixed by: https://github.com/ruby/ruby/commit/e9ddf2ba41a0bffe1047e33576affd48808c5d0b (2.2.10) CVE-2018-1000063 REJECTED CVE-2017-18179 (Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/e1a501f8472ff24fe66c1677b58ad1564cf7baab...a1bf39232a988f00df252f9d602bccf59ef45dd3 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/e1a501f8472ff24fe66c1677b58ad1564cf7baab...a1bf39232a988f00df252f9d602bccf59ef45dd3 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits