Santiago R.R. pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2fca27b8 by Santiago R.R at 2018-04-04T23:23:02+02:00
Notes/fixed by for ruby's issues: CVE-2018-6914 CVE-2018-8778 CVE-2018-8779
CVE-2018-8780
Signed-off-by: Santiago R.R <santiag...@riseup.net>
- - - - -
fae6a38a by Santiago R.R at 2018-04-04T23:23:44+02:00
Merge remote-tracking branch 'refs/remotes/origin/master'
- - - - -
a1bf3923 by Santiago R.R at 2018-04-04T23:24:39+02:00
Merge remote-tracking branch 'refs/remotes/origin/master'
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1304,18 +1304,26 @@ CVE-2018-8780 (In Ruby before 2.2.10, 2.3.x before
2.3.7, 2.4.x before 2.4.4, 2.
- ruby2.1 <removed>
- ruby1.9.1 <removed>
NOTE:
https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/
+ NOTE: https://hackerone.com/reports/302338
+ NOTE: Fixed by:
https://github.com/ruby/ruby/commit/bd5661a3cbb38a8c3a3ea10cd76c88bbef7871b8
+ NOTE: Fixed by:
https://github.com/ruby/ruby/commit/143eb22f1877815dd802f7928959c5f93d4c7bb3
(2.2.10)
CVE-2018-8779 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4,
2.5.x ...)
- ruby2.5 2.5.1-1
- ruby2.3 <unfixed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
NOTE:
https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/
+ NOTE: https://hackerone.com/reports/302997
+ NOTE: Fixed by:
https://github.com/ruby/ruby/commit/8794dec6a5f11adc5cdd19a5ee91ea6b0816763f
+ NOTE: Fixed by:
https://github.com/ruby/ruby/commit/47165eed264d357e78e27371cfef20d5c2bde5d9
(2.2.10)
CVE-2018-8778 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4,
2.5.x ...)
- ruby2.5 2.5.1-1
- ruby2.3 <unfixed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
NOTE:
https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/
+ NOTE: https://hackerone.com/reports/298246
+ NOTE: Fixed by:
https://github.com/ruby/ruby/commit/4cd92d7b13002161a3452a0fe278b877901a8859
(2.2.10)
CVE-2018-8777 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4,
2.5.x ...)
- ruby2.5 2.5.1-1
- ruby2.3 <unfixed>
@@ -6367,6 +6375,9 @@ CVE-2018-6914 (Directory traversal vulnerability in the
Dir.mktmpdir method in t
- ruby2.1 <removed>
- ruby1.9.1 <removed>
NOTE:
https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/
+ NOTE: https://hackerone.com/reports/302298
+ NOTE: Fixed by:
https://github.com/ruby/ruby/commit/10b96900b90914b0cc1dba36f9736c038db2859d
+ NOTE: Fixed by:
https://github.com/ruby/ruby/commit/e9ddf2ba41a0bffe1047e33576affd48808c5d0b
(2.2.10)
CVE-2018-1000063
REJECTED
CVE-2017-18179 (Progress Sitefinity 9.1 uses wrap_access_token as a
non-expiring ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/e1a501f8472ff24fe66c1677b58ad1564cf7baab...a1bf39232a988f00df252f9d602bccf59ef45dd3
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/e1a501f8472ff24fe66c1677b58ad1564cf7baab...a1bf39232a988f00df252f9d602bccf59ef45dd3
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
