diff options
| author | Abhijith PA <abhijith@disroot.org> | 2022-05-06 13:43:14 +0530 |
|---|---|---|
| committer | Abhijith PA <abhijith@disroot.org> | 2022-05-06 13:43:14 +0530 |
| commit | a5729bd6d1e132d10990a4177253a211885771bc (patch) | |
| tree | 4b45240b9debe91fcca6a943c36a59f8249943ce /data | |
| parent | f6f3760966467b37ecb265c17f5293e1c9e3b84b (diff) | |
Reserve DLA-2996-1 for mruby
Diffstat (limited to 'data')
| -rw-r--r-- | data/CVE/list | 6 | ||||
| -rw-r--r-- | data/DLA/list | 3 | ||||
| -rw-r--r-- | data/dla-needed.txt | 3 |
3 files changed, 3 insertions, 9 deletions
diff --git a/data/CVE/list b/data/CVE/list index 5183444f13..6ac9f6bc2e 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -134677,7 +134677,6 @@ CVE-2020-15867 (The git hook feature in Gogs 0.5.5 through 0.12.2 allows for aut CVE-2020-15866 (mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yie ...) - mruby 2.1.2-1 (bug #972051) [buster] - mruby <no-dsa> (Minor issue) - [stretch] - mruby <no-dsa> (Minor issue) NOTE: https://github.com/mruby/mruby/issues/5042 NOTE: https://github.com/mruby/mruby/commit/6334949ba69363cb909a57d6871895bd6d98bb6b (3.0.0-preview) NOTE: https://github.com/mruby/mruby/commit/63956036e116ef6a33a91e16348c4d1a09f6f72c (2.1.2-rc2) @@ -248862,7 +248861,6 @@ CVE-2018-14338 (samples/geotag.cpp in the example code of Exiv2 0.26 misuses the NOTE: Issue in example code of Exiv2 CVE-2018-14337 (The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 ...) - mruby 2.0.0-1 (low; bug #903985) - [stretch] - mruby <no-dsa> (Minor issue) [jessie] - mruby <no-dsa> (Minor issue) NOTE: https://github.com/mruby/mruby/issues/4062 NOTE: https://github.com/mruby/mruby/commit/695f29cd604787f43be1af16e38d13610bf8312b @@ -254205,7 +254203,6 @@ CVE-2018-12250 (An issue was discovered in Elite CMS Pro 2.01. In /admin/add_sid NOT-FOR-US: Elite CMS CVE-2018-12249 (An issue was discovered in mruby 1.4.1. There is a NULL pointer derefe ...) - mruby 1.4.1+20180622+git640fca32-1 (bug #901652) - [stretch] - mruby <no-dsa> (Minor issue) [jessie] - mruby <no-dsa> (Minor issue) NOTE: https://github.com/mruby/mruby/commit/faa4eaf6803bd11669bc324b4c34e7162286bfa3 NOTE: https://github.com/mruby/mruby/issues/4037 @@ -255598,7 +255595,6 @@ CVE-2018-11744 (Cloudera Manager through 5.15 has Incorrect Access Control. ...) NOT-FOR-US: Cloudera CVE-2018-11743 (The init_copy function in kernel.c in mruby 1.4.1 makes initialize_cop ...) - mruby 1.4.1+20180622+git640fca32-1 (bug #900845) - [stretch] - mruby <no-dsa> (Minor issue) [jessie] - mruby <no-dsa> (Minor issue) NOTE: https://github.com/mruby/mruby/commit/b64ce17852b180dfeea81cf458660be41a78974d NOTE: https://github.com/mruby/mruby/issues/4027 @@ -260044,7 +260040,6 @@ CVE-2018-10192 (IPVanish 3.0.11 for macOS suffers from a root privilege escalati NOT-FOR-US: IPVanish for macOS CVE-2018-10191 (In versions of mruby up to and including 1.4.0, an integer overflow ex ...) - mruby 1.4.0+20180418+git54905e98-1 (bug #896020) - [stretch] - mruby <no-dsa> (Minor issue) [jessie] - mruby <no-dsa> (Minor issue) NOTE: https://github.com/mruby/mruby/issues/3995 NOTE: https://github.com/mruby/mruby/commit/1905091634a6a2925c911484434448e568330626 @@ -312366,7 +312361,6 @@ CVE-2017-9528 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows remote CVE-2017-9527 (The mark_context_stack function in gc.c in mruby through 1.2.0 allows ...) [experimental] - mruby 1.2.0+20170601+git51e0e690-1 - mruby 1.3.0-1 (low; bug #865778) - [stretch] - mruby <no-dsa> (Minor issue) [jessie] - mruby <no-dsa> (Minor issue) NOTE: https://github.com/mruby/mruby/issues/3486 NOTE: Fixed by: https://github.com/mruby/mruby/commit/5c114c91d4ff31859fcd84cf8bf349b737b90d99 diff --git a/data/DLA/list b/data/DLA/list index fc71ca066e..75ef6f9b03 100644 --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[06 May 2022] DLA-2996-1 mruby - security update + {CVE-2017-9527 CVE-2018-10191 CVE-2018-11743 CVE-2018-12249 CVE-2018-14337 CVE-2020-15866} + [stretch] - mruby 1.2.0+20161228+git30d5424a-1+deb9u1 [05 May 2022] DLA-2995-1 smarty3 - security update {CVE-2021-21408 CVE-2021-29454} [stretch] - smarty3 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u5 diff --git a/data/dla-needed.txt b/data/dla-needed.txt index f9f6fac733..28c2ab4a0a 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -111,9 +111,6 @@ mbedtls (Utkarsh) NOTE: 20220502: will upload with 1 fix and mark the other one NOTE: 20220502: as no-dsa today/tomorrow. (utkarsh) -- -mruby (Abhijith PA) - NOTE: https://people.debian.org/~abhijith/upload/mruby/mruby_1.2.0+20161228+git30d5424a-1+deb9u1.dsc (abhijith) --- mutt (Utkarsh) NOTE: 20220502: update prepared. smoke test pending. (utkarsh) -- |