summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSalvatore Bonaccorso <carnil@debian.org>2020-10-19 06:47:18 +0200
committerSalvatore Bonaccorso <carnil@debian.org>2020-10-19 06:47:18 +0200
commit1f506a78e3b41d4702885725f31365ca904150be (patch)
tree7c798b3ec029f0b8384813f2392b592545be7fa5
parent69965a94c5034a91bad13b83ced1dd7a111c7354 (diff)
src:rubygems has been re-introduced into the archive
The initial upload states: - Upstream bundler source code is now hosted in the same git repository as rubygems, due to that this new source package is introduced and it will provide the binaries previously provided by src:bundler (ruby-bundler and bundler). src:bundler will be removed after src:rubygems is accepted. We need to recheck if any of this previously unfixed issues are still unfixed or now adressed with this initial first re-upload.
Diffstat
-rw-r--r--data/CVE/2013.list4
-rw-r--r--data/CVE/2017.list10
-rw-r--r--data/CVE/2018.list14
-rw-r--r--data/CVE/2019.list12
4 files changed, 20 insertions, 20 deletions
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index 0cf7e4e4ee..af225c318c 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -8192,7 +8192,7 @@ CVE-2013-4365 (Heap-based buffer overflow in the fcgid_header_bucket_read functi
CVE-2013-4364 ((1) oo-analytics-export and (2) oo-analytics-import in the openshift-o ...)
NOT-FOR-US: OpenShift
CVE-2013-4363 (Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION ...)
- - rubygems <removed> (unimportant; bug #722361)
+ - rubygems <unfixed> (unimportant; bug #722361)
- libgems-ruby <removed> (unimportant; bug #722361)
NOTE: Non-issue, you trust the site providing the gem with installing arbitrary code, allowing
NOTE: it a potential elevated CPU consumption doesn't add any extra harm
@@ -8482,7 +8482,7 @@ CVE-2013-4288 (Race condition in PolicyKit (aka polkit) allows local users to by
[squeeze] - policykit-1 <no-dsa> (The update only deprecates an API and introduces a new option for pkcheck, no src package uses this API)
[wheezy] - policykit-1 <no-dsa> (The update only deprecates an API and introduces a new option for pkcheck, no src package uses this API)
CVE-2013-4287 (Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN ...)
- - rubygems <removed> (unimportant; bug #722361)
+ - rubygems <unfixed> (unimportant; bug #722361)
- libgems-ruby <removed> (unimportant; bug #722361)
NOTE: Non-issue, you trust the site providing the gem with installing arbitrary code, allowing
NOTE: it a potential elevated CPU consumption doesn't add any extra harm
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index eee288a04e..689f899299 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -49826,7 +49826,7 @@ CVE-2017-0903 (RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a po
- ruby2.1 <removed>
- ruby1.9.1 <removed>
[wheezy] - ruby1.9.1 <not-affected> (Vulnerable code introduced later)
- - rubygems <removed>
+ - rubygems <unfixed>
[wheezy] - rubygems <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2017/10/10/2
NOTE: https://justi.cz/security/2017/10/07/rubygems-org-rce.html
@@ -49837,7 +49837,7 @@ CVE-2017-0902 (RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijack
- ruby2.1 <removed>
- ruby1.9.1 <removed>
[wheezy] - ruby1.9.1 <not-affected> (Vulnerable code introduced later)
- - rubygems <removed>
+ - rubygems <unfixed>
[wheezy] - rubygems <not-affected> (Vulnerable code introduced later)
NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
@@ -49848,7 +49848,7 @@ CVE-2017-0901 (RubyGems version 2.6.12 and earlier fails to validate specificati
- ruby2.3 2.3.3-1+deb9u1 (bug #873802)
- ruby2.1 <removed>
- ruby1.9.1 <removed>
- - rubygems <removed>
+ - rubygems <unfixed>
NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
@@ -49858,7 +49858,7 @@ CVE-2017-0900 (RubyGems version 2.6.12 and earlier is vulnerable to maliciously
- ruby2.3 2.3.3-1+deb9u1 (bug #873802)
- ruby2.1 <removed>
- ruby1.9.1 <removed>
- - rubygems <removed>
+ - rubygems <unfixed>
NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
@@ -49868,7 +49868,7 @@ CVE-2017-0899 (RubyGems version 2.6.12 and earlier is vulnerable to maliciously
- ruby2.3 2.3.3-1+deb9u1 (unimportant; bug #873802)
- ruby2.1 <removed> (unimportant)
- ruby1.9.1 <removed> (unimportant)
- - rubygems <removed> (unimportant)
+ - rubygems <unfixed> (unimportant)
NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index ca17209133..1dcab54404 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -36959,7 +36959,7 @@ CVE-2018-1000079 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
- ruby2.1 <removed>
- ruby1.9.1 <removed>
[wheezy] - ruby1.9.1 <no-dsa> (Minor issue, too intrusive to backport)
- - rubygems <removed>
+ - rubygems <unfixed>
[wheezy] - rubygems <not-affected> (Vulnerable code not present)
- jruby 9.1.17.0-1 (bug #895778)
[jessie] - jruby <not-affected> (Vulnerable code not present)
@@ -36973,7 +36973,7 @@ CVE-2018-1000078 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
- ruby2.3 <removed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
- - rubygems <removed>
+ - rubygems <unfixed>
- jruby 9.1.17.0-1 (bug #895778)
NOTE: https://github.com/rubygems/rubygems/commit/66a28b9275551384fdab45f3591a82d6b59952cb
NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
@@ -36983,7 +36983,7 @@ CVE-2018-1000077 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
- ruby2.3 <removed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
- - rubygems <removed>
+ - rubygems <unfixed>
- jruby 9.1.17.0-1 (bug #895778)
NOTE: https://github.com/rubygems/rubygems/commit/feadefc2d351dcb95d6492f5ad17ebca546eb964
NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
@@ -36993,7 +36993,7 @@ CVE-2018-1000076 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
- ruby2.3 <removed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
- - rubygems <removed>
+ - rubygems <unfixed>
- jruby 9.1.17.0-1 (bug #895778)
NOTE: https://github.com/rubygems/rubygems/commit/f5042b879259b1f1ce95a0c5082622c646376693
NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
@@ -37003,7 +37003,7 @@ CVE-2018-1000075 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
- ruby2.3 <removed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
- - rubygems <removed>
+ - rubygems <unfixed>
- jruby 9.1.17.0-1 (bug #895778)
NOTE: https://github.com/rubygems/rubygems/commit/92e98bf8f810bd812f919120d4832df51bc25d83
NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
@@ -37014,7 +37014,7 @@ CVE-2018-1000074 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
- ruby2.1 <removed>
- ruby1.9.1 <removed>
[wheezy] - ruby1.9.1 <no-dsa> (Minor issue, too intrusive to backport)
- - rubygems <removed>
+ - rubygems <unfixed>
[wheezy] - rubygems <no-dsa> (Minor issue)
- jruby 9.1.17.0-1 (bug #895778)
NOTE: https://github.com/rubygems/rubygems/commit/254e3d0ee873c008c0b74e8b8abcbdab4caa0a6d
@@ -37026,7 +37026,7 @@ CVE-2018-1000073 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
- ruby2.1 <removed>
- ruby1.9.1 <removed>
[wheezy] - ruby1.9.1 <not-affected> (Vulnerable code not present)
- - rubygems <removed>
+ - rubygems <unfixed>
[wheezy] - rubygems <not-affected> (Vulnerable code not present)
- jruby 9.1.17.0-2.1 (bug #895778; bug #925986)
[jessie] - jruby <not-affected> (Vulnerable code not present)
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 405a832c7d..da99914283 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -34466,7 +34466,7 @@ CVE-2019-8325 (An issue was discovered in RubyGems 2.6 and later through 3.0.2.
- ruby2.5 2.5.5-1
- ruby2.3 <removed>
- ruby2.1 <removed>
- - rubygems <removed>
+ - rubygems <unfixed>
- jruby 9.1.17.0-3 (bug #925987)
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
@@ -34476,7 +34476,7 @@ CVE-2019-8324 (An issue was discovered in RubyGems 2.6 and later through 3.0.2.
- ruby2.5 2.5.5-1
- ruby2.3 <removed>
- ruby2.1 <removed>
- - rubygems <removed>
+ - rubygems <unfixed>
- jruby 9.1.17.0-3 (bug #925987)
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
@@ -34486,7 +34486,7 @@ CVE-2019-8323 (An issue was discovered in RubyGems 2.6 and later through 3.0.2.
- ruby2.5 2.5.5-1
- ruby2.3 <removed>
- ruby2.1 <removed>
- - rubygems <removed>
+ - rubygems <unfixed>
- jruby 9.1.17.0-3 (bug #925987)
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
@@ -34496,7 +34496,7 @@ CVE-2019-8322 (An issue was discovered in RubyGems 2.6 and later through 3.0.2.
- ruby2.5 2.5.5-1
- ruby2.3 <removed>
- ruby2.1 <removed>
- - rubygems <removed>
+ - rubygems <unfixed>
- jruby 9.1.17.0-3 (bug #925987)
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
@@ -34507,7 +34507,7 @@ CVE-2019-8321 (An issue was discovered in RubyGems 2.6 and later through 3.0.2.
- ruby2.3 <removed>
- ruby2.1 <removed>
[jessie] - ruby2.1 <not-affected> (Vulnerable code introduced later)
- - rubygems <removed>
+ - rubygems <unfixed>
- jruby 9.1.17.0-3 (bug #925987)
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
@@ -34517,7 +34517,7 @@ CVE-2019-8320 (A Directory Traversal issue was discovered in RubyGems 2.7.6 and
- ruby2.5 2.5.5-1
- ruby2.3 <removed>
- ruby2.1 <removed>
- - rubygems <removed>
+ - rubygems <unfixed>
- jruby 9.1.17.0-3 (bug #925987)
[jessie] - jruby <not-affected> (Vulnerable code introduced later)
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/

© 2014-2024 Faster IT GmbH | imprint | privacy policy