author | Salvatore Bonaccorso <carnil@debian.org> | 2020-11-29 21:11:32 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-11-29 21:12:36 +0100 |
commit | 27aa84140640066b75472fded38f13d0bf55b478 (patch) | |
tree | 1c190bfe93de55db33eeebfdd8c1ae3c74a6c3f8 | |
parent | 7b4b63b3e8e84be4291889830d3ae8395429a0ca (diff) |
Add fixed version via unstable for CVE-2017-{0899..0903}/rubygems
-rw-r--r-- | data/CVE/list | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/data/CVE/list b/data/CVE/list index e216a28302..98bafb2005 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -234453,7 +234453,7 @@ CVE-2017-0903 (RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a po - ruby2.1 <removed> - ruby1.9.1 <removed> [wheezy] - ruby1.9.1 <not-affected> (Vulnerable code introduced later) - - rubygems <unfixed> + - rubygems 3.2.0~rc.1-1 [wheezy] - rubygems <not-affected> (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2017/10/10/2 NOTE: https://justi.cz/security/2017/10/07/rubygems-org-rce.html @@ -234464,7 +234464,7 @@ CVE-2017-0902 (RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijack - ruby2.1 <removed> - ruby1.9.1 <removed> [wheezy] - ruby1.9.1 <not-affected> (Vulnerable code introduced later) - - rubygems <unfixed> + - rubygems 3.2.0~rc.1-1 [wheezy] - rubygems <not-affected> (Vulnerable code introduced later) NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/ NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html @@ -234475,7 +234475,7 @@ CVE-2017-0901 (RubyGems version 2.6.12 and earlier fails to validate specificati - ruby2.3 2.3.3-1+deb9u1 (bug #873802) - ruby2.1 <removed> - ruby1.9.1 <removed> - - rubygems <unfixed> + - rubygems 3.2.0~rc.1-1 NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/ NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch 
@@ -234485,7 +234485,7 @@ CVE-2017-0900 (RubyGems version 2.6.12 and earlier is vulnerable to maliciously - ruby2.3 2.3.3-1+deb9u1 (bug #873802) - ruby2.1 <removed> - ruby1.9.1 <removed> - - rubygems <unfixed> + - rubygems 3.2.0~rc.1-1 NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/ NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch @@ -234495,7 +234495,7 @@ CVE-2017-0899 (RubyGems version 2.6.12 and earlier is vulnerable to maliciously - ruby2.3 2.3.3-1+deb9u1 (unimportant; bug #873802) - ruby2.1 <removed> (unimportant) - ruby1.9.1 <removed> (unimportant) - - rubygems <unfixed> (unimportant) + - rubygems 3.2.0~rc.1-1 (unimportant) NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/ NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch |
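Review bot: In the CVE-2017-0903 hunk (@@ -234453), the new "- rubygems 3.2.0~rc.1-1" line records a fixed version with nothing explaining how it relates to the upstream fix. The entry's own description bounds the vulnerable range at 2.6.13, and the commit message only says "via unstable". If 3.2.0~rc.1-1 is the first upload of the source package that carries the fix, a short NOTE line saying so would spare later readers from looking for a fix in the 3.2.0 series. The other four hunks make the same change against descriptions that give 2.6.12 as the last vulnerable version.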
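Review bot: In the CVE-2017-0901 hunk (@@ -234475), the ruby2.3 line cites "bug #873802" while the updated "- rubygems 3.2.0~rc.1-1" line carries no bug reference. If a Debian bug tracks this fix for the rubygems source package, add it in parentheses as on the ruby2.3 line. The CVE-2017-0900 and CVE-2017-0899 hunks have the same gap.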