diff options
author | Ola Lundqvist <ola@inguza.com> | 2020-01-27 21:30:11 +0100 |
---|---|---|
committer | Ola Lundqvist <ola@inguza.com> | 2020-01-27 21:30:43 +0100 |
commit | 598e71552db18c383c10a8441261d1fbef1aa9d5 (patch) | |
tree | 80979b9b2f4ed96ba22b2500160cba4791f45cad | |
parent | eb9cd57ab9e034c373c8fb4f4df3ed8366273221 (diff) |
Triage work for mruby.
-rw-r--r-- | data/CVE/list.2020 | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index b0da801cc5..63038ac9ef 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -2547,19 +2547,24 @@ CVE-2020-6842 CVE-2020-6841 RESERVED CVE-2020-6840 (In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mru ...) - - mruby <undetermined> + - mruby <unfixed> + [jessie] - mruby <not-affected> (Vulnerable introduced later) NOTE: https://github.com/mruby/mruby/issues/4927 NOTE: https://github.com/mruby/mruby/commit/fc8fb41451b07b3fda0726ba80e88e509ad02452 TODO: check CVE-2020-6839 (In mruby 2.1.0, there is a stack-based buffer overflow in mrb_str_len_ ...) - mruby <undetermined> + [jessie] - mruby <ignored> (Minor issue) NOTE: https://github.com/mruby/mruby/issues/4929 NOTE: https://github.com/mruby/mruby/commit/2124b9b4c95e66e63b1eb26a8dab49753b82fd6c + NOTE: bullseye and later do not seem to have this vulnerable function. TODO: check CVE-2020-6838 (In mruby 2.1.0, there is a use-after-free in hash_values_at in mrbgems ...) - - mruby <undetermined> + - mruby <unfixed> + [jessie] - mruby <not-affected> (Vulnerable introduced later) NOTE: https://github.com/mruby/mruby/issues/4926 NOTE: https://github.com/mruby/mruby/commit/fc8fb41451b07b3fda0726ba80e88e509ad02452 + NOTE: This commit is the same as mentioned in CVE-2020-6840. NOTE: https://github.com/mruby/mruby/commit/70e574689664c10ed2c47581999cc2ce3e3c5afb NOTE: https://github.com/mruby/mruby/commit/2742ded32fe18f88833d76b297f5c2170b6880c3 TODO: check |