diff options
author | Ola Lundqvist <ola@inguza.com> | 2020-01-27 21:30:11 +0100 |
---|---|---|
committer | Ola Lundqvist <ola@inguza.com> | 2020-01-27 21:30:43 +0100 |
commit | 2eccf5fc472cd7948c8eea3879681087bd911422 (patch) | |
tree | 2c30308a72773101658a4067760a17dd768b9f76 /data/CVE/list | |
parent | 48c00a46bd2b8e876fde0e0bec68068b2ead4ada (diff) |
Triage work for mruby.
Diffstat (limited to 'data/CVE/list')
-rw-r--r-- | data/CVE/list | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/data/CVE/list b/data/CVE/list index f4087d58c1..49f756c1aa 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -2690,19 +2690,24 @@ CVE-2020-6842 CVE-2020-6841 RESERVED CVE-2020-6840 (In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mru ...) - - mruby <undetermined> + - mruby <unfixed> + [jessie] - mruby <not-affected> (Vulnerable introduced later) NOTE: https://github.com/mruby/mruby/issues/4927 NOTE: https://github.com/mruby/mruby/commit/fc8fb41451b07b3fda0726ba80e88e509ad02452 TODO: check CVE-2020-6839 (In mruby 2.1.0, there is a stack-based buffer overflow in mrb_str_len_ ...) - mruby <undetermined> + [jessie] - mruby <ignored> (Minor issue) NOTE: https://github.com/mruby/mruby/issues/4929 NOTE: https://github.com/mruby/mruby/commit/2124b9b4c95e66e63b1eb26a8dab49753b82fd6c + NOTE: bullseye and later do not seem to have this vulnerable function. TODO: check CVE-2020-6838 (In mruby 2.1.0, there is a use-after-free in hash_values_at in mrbgems ...) - - mruby <undetermined> + - mruby <unfixed> + [jessie] - mruby <not-affected> (Vulnerable introduced later) NOTE: https://github.com/mruby/mruby/issues/4926 NOTE: https://github.com/mruby/mruby/commit/fc8fb41451b07b3fda0726ba80e88e509ad02452 + NOTE: This commit is the same as mentioned in CVE-2020-6840. NOTE: https://github.com/mruby/mruby/commit/70e574689664c10ed2c47581999cc2ce3e3c5afb NOTE: https://github.com/mruby/mruby/commit/2742ded32fe18f88833d76b297f5c2170b6880c3 TODO: check |