summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSalvatore Bonaccorso <carnil@debian.org>2021-12-02 22:27:32 +0100
committerSalvatore Bonaccorso <carnil@debian.org>2021-12-02 22:27:32 +0100
commit680988aac4e181c028a23b66c33d315a3a23525a (patch)
treec95268157feac573681101f15e7ca9ddf0b0ac2f
parent3f605c123f61eda79de41fd18ea308d037d6eacb (diff)
Reference upstream commits for CVE-2021-41819/ruby*
-rw-r--r--data/CVE/2021.list2
1 files changed, 1 insertions, 1 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 774124ab7f..bfebd81545 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -6283,7 +6283,7 @@ CVE-2021-41819 [Cookie Prefix Spoofing in CGI::Cookie.parse]
- ruby2.3 <removed>
NOTE: Fixed in Ruby 3.0.3, 2.7.5, 2.6.9
NOTE: https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/
- TODO: check upstream commits
+ NOTE: Fixed by: https://github.com/ruby/cgi/commit/052eb3a828b0f99bca39cfd800f6c2b91307dbd5 (v0.3.1)
CVE-2021-41818
RESERVED
CVE-2021-41817 [Regular Expression Denial of Service Vulnerability of Date Parsing Methods]

© 2014-2022 Faster IT GmbH | imprint | privacy policy