diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2020-11-29 21:11:32 +0100 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-11-29 21:12:36 +0100 |
| commit | 8b3c42148e2eea382e732f16c03867f11c7daa75 (patch) | |
| tree | 8ed406234db78ded5925e018bbb68de367a6ecd5 /data/CVE/2017.list | |
| parent | 7ca8588e5a5aecc56e610748812739d6fcafb971 (diff) | |
Add fixed version via unstable for CVE-2017-{0899..0903}/rubygems
Diffstat (limited to 'data/CVE/2017.list')
| -rw-r--r-- | data/CVE/2017.list | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/data/CVE/2017.list b/data/CVE/2017.list index fc693b0037..ac7a1df221 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -49839,7 +49839,7 @@ CVE-2017-0903 (RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a po - ruby2.1 <removed> - ruby1.9.1 <removed> [wheezy] - ruby1.9.1 <not-affected> (Vulnerable code introduced later) - - rubygems <unfixed> + - rubygems 3.2.0~rc.1-1 [wheezy] - rubygems <not-affected> (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2017/10/10/2 NOTE: https://justi.cz/security/2017/10/07/rubygems-org-rce.html @@ -49850,7 +49850,7 @@ CVE-2017-0902 (RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijack - ruby2.1 <removed> - ruby1.9.1 <removed> [wheezy] - ruby1.9.1 <not-affected> (Vulnerable code introduced later) - - rubygems <unfixed> + - rubygems 3.2.0~rc.1-1 [wheezy] - rubygems <not-affected> (Vulnerable code introduced later) NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/ NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html @@ -49861,7 +49861,7 @@ CVE-2017-0901 (RubyGems version 2.6.12 and earlier fails to validate specificati - ruby2.3 2.3.3-1+deb9u1 (bug #873802) - ruby2.1 <removed> - ruby1.9.1 <removed> - - rubygems <unfixed> + - rubygems 3.2.0~rc.1-1 NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/ NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch @@ -49871,7 +49871,7 @@ CVE-2017-0900 (RubyGems version 2.6.12 and earlier is vulnerable to maliciously - ruby2.3 2.3.3-1+deb9u1 (bug #873802) - ruby2.1 <removed> - ruby1.9.1 <removed> - - rubygems <unfixed> + - rubygems 3.2.0~rc.1-1 NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/ NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch @@ -49881,7 +49881,7 @@ CVE-2017-0899 (RubyGems version 2.6.12 and earlier is vulnerable to maliciously - ruby2.3 2.3.3-1+deb9u1 (unimportant; bug #873802) - ruby2.1 <removed> (unimportant) - ruby1.9.1 <removed> (unimportant) - - rubygems <unfixed> (unimportant) + - rubygems 3.2.0~rc.1-1 (unimportant) NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/ NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch |