diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2020-05-22 23:56:20 +0200 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-05-22 23:56:20 +0200 |
| commit | 2600e47a6fb9aa588dc9c1abfe5cce080c11299f (patch) | |
| tree | ae016061d5f0b9d944ca8d5f4b13ead0c1d58070 | |
| parent | 06e0feb8679a17fa13905202bc569fc83a8f35a8 (diff) | |
Update notes for CVE-2020-8161/ruby-rack
Add a needed followup commit to fix issue uncovered in the testsuite.
Reference as well the testcase for the directory traversal issue in
Rack::Directory app.
| -rw-r--r-- | data/CVE/list.2020 | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index 862f10780c..c54c7f60a3 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -11875,7 +11875,9 @@ CVE-2020-8161 [Directory traversal in Rack::Directory] {DLA-2216-1} - ruby-rack 2.1.1-5 NOTE: https://groups.google.com/forum/#!msg/rubyonrails-security/IOO1vNZTzPA/Ylzi1UYLAAAJ - NOTE: https://github.com/rack/rack/commit/dddb7ad18ed79ca6ab06ccc417a169fde451246e + NOTE: Fixed by: https://github.com/rack/rack/commit/dddb7ad18ed79ca6ab06ccc417a169fde451246e + NOTE: Required followup: https://github.com/rack/rack/commit/e7ba1b0557d3ad97af1ef113bbeb5f27417983fa + NOTE: Test: https://github.com/rack/rack/commit/775c836bdd25b63340399fea739532d746860a94 CVE-2020-8160 RESERVED CVE-2020-8159 (There is a vulnerability in actionpack_page-caching gem < v1.2.1 th ...) |