diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2020-10-19 06:47:18 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-10-19 06:47:18 +0200 |
commit | 0aceb777381db1b9f19904f7e569ea001aa80e62 (patch) | |
tree | cfc0e6c98f927b258e812942a077ea2ca5f2a44c /data | |
parent | e41e86fc60756705b9754a8bc60ad94128f2bb81 (diff) |
src:rubygems has been re-introduced into the archive
The initial upload states:
- Upstream bundler source code is now hosted in the same git repository as
rubygems, due to that this new source package is introduced and it will
provide the binaries previously provided by src:bundler (ruby-bundler
and bundler). src:bundler will be removed after src:rubygems is accepted.
We need to recheck if any of this previously unfixed issues are still
unfixed or now adressed with this initial first re-upload.
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list.2013 | 4 | ||||
-rw-r--r-- | data/CVE/list.2017 | 10 | ||||
-rw-r--r-- | data/CVE/list.2018 | 14 | ||||
-rw-r--r-- | data/CVE/list.2019 | 12 |
4 files changed, 20 insertions, 20 deletions
diff --git a/data/CVE/list.2013 b/data/CVE/list.2013 index 0cf7e4e4ee..af225c318c 100644 --- a/data/CVE/list.2013 +++ b/data/CVE/list.2013 @@ -8192,7 +8192,7 @@ CVE-2013-4365 (Heap-based buffer overflow in the fcgid_header_bucket_read functi CVE-2013-4364 ((1) oo-analytics-export and (2) oo-analytics-import in the openshift-o ...) NOT-FOR-US: OpenShift CVE-2013-4363 (Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION ...) - - rubygems <removed> (unimportant; bug #722361) + - rubygems <unfixed> (unimportant; bug #722361) - libgems-ruby <removed> (unimportant; bug #722361) NOTE: Non-issue, you trust the site providing the gem with installing arbitrary code, allowing NOTE: it a potential elevated CPU consumption doesn't add any extra harm @@ -8482,7 +8482,7 @@ CVE-2013-4288 (Race condition in PolicyKit (aka polkit) allows local users to by [squeeze] - policykit-1 <no-dsa> (The update only deprecates an API and introduces a new option for pkcheck, no src package uses this API) [wheezy] - policykit-1 <no-dsa> (The update only deprecates an API and introduces a new option for pkcheck, no src package uses this API) CVE-2013-4287 (Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN ...) - - rubygems <removed> (unimportant; bug #722361) + - rubygems <unfixed> (unimportant; bug #722361) - libgems-ruby <removed> (unimportant; bug #722361) NOTE: Non-issue, you trust the site providing the gem with installing arbitrary code, allowing NOTE: it a potential elevated CPU consumption doesn't add any extra harm diff --git a/data/CVE/list.2017 b/data/CVE/list.2017 index eee288a04e..689f899299 100644 --- a/data/CVE/list.2017 +++ b/data/CVE/list.2017 @@ -49826,7 +49826,7 @@ CVE-2017-0903 (RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a po - ruby2.1 <removed> - ruby1.9.1 <removed> [wheezy] - ruby1.9.1 <not-affected> (Vulnerable code introduced later) - - rubygems <removed> + - rubygems <unfixed> [wheezy] - rubygems <not-affected> (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2017/10/10/2 NOTE: https://justi.cz/security/2017/10/07/rubygems-org-rce.html @@ -49837,7 +49837,7 @@ CVE-2017-0902 (RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijack - ruby2.1 <removed> - ruby1.9.1 <removed> [wheezy] - ruby1.9.1 <not-affected> (Vulnerable code introduced later) - - rubygems <removed> + - rubygems <unfixed> [wheezy] - rubygems <not-affected> (Vulnerable code introduced later) NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/ NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html @@ -49848,7 +49848,7 @@ CVE-2017-0901 (RubyGems version 2.6.12 and earlier fails to validate specificati - ruby2.3 2.3.3-1+deb9u1 (bug #873802) - ruby2.1 <removed> - ruby1.9.1 <removed> - - rubygems <removed> + - rubygems <unfixed> NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/ NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch @@ -49858,7 +49858,7 @@ CVE-2017-0900 (RubyGems version 2.6.12 and earlier is vulnerable to maliciously - ruby2.3 2.3.3-1+deb9u1 (bug #873802) - ruby2.1 <removed> - ruby1.9.1 <removed> - - rubygems <removed> + - rubygems <unfixed> NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/ NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch @@ -49868,7 +49868,7 @@ CVE-2017-0899 (RubyGems version 2.6.12 and earlier is vulnerable to maliciously - ruby2.3 2.3.3-1+deb9u1 (unimportant; bug #873802) - ruby2.1 <removed> (unimportant) - ruby1.9.1 <removed> (unimportant) - - rubygems <removed> (unimportant) + - rubygems <unfixed> (unimportant) NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/ NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch diff --git a/data/CVE/list.2018 b/data/CVE/list.2018 index ca17209133..1dcab54404 100644 --- a/data/CVE/list.2018 +++ b/data/CVE/list.2018 @@ -36959,7 +36959,7 @@ CVE-2018-1000079 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 - ruby2.1 <removed> - ruby1.9.1 <removed> [wheezy] - ruby1.9.1 <no-dsa> (Minor issue, too intrusive to backport) - - rubygems <removed> + - rubygems <unfixed> [wheezy] - rubygems <not-affected> (Vulnerable code not present) - jruby 9.1.17.0-1 (bug #895778) [jessie] - jruby <not-affected> (Vulnerable code not present) @@ -36973,7 +36973,7 @@ CVE-2018-1000078 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 - ruby2.3 <removed> - ruby2.1 <removed> - ruby1.9.1 <removed> - - rubygems <removed> + - rubygems <unfixed> - jruby 9.1.17.0-1 (bug #895778) NOTE: https://github.com/rubygems/rubygems/commit/66a28b9275551384fdab45f3591a82d6b59952cb NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/ @@ -36983,7 +36983,7 @@ CVE-2018-1000077 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 - ruby2.3 <removed> - ruby2.1 <removed> - ruby1.9.1 <removed> - - rubygems <removed> + - rubygems <unfixed> - jruby 9.1.17.0-1 (bug #895778) NOTE: https://github.com/rubygems/rubygems/commit/feadefc2d351dcb95d6492f5ad17ebca546eb964 NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/ @@ -36993,7 +36993,7 @@ CVE-2018-1000076 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 - ruby2.3 <removed> - ruby2.1 <removed> - ruby1.9.1 <removed> - - rubygems <removed> + - rubygems <unfixed> - jruby 9.1.17.0-1 (bug #895778) NOTE: https://github.com/rubygems/rubygems/commit/f5042b879259b1f1ce95a0c5082622c646376693 NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/ @@ -37003,7 +37003,7 @@ CVE-2018-1000075 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 - ruby2.3 <removed> - ruby2.1 <removed> - ruby1.9.1 <removed> - - rubygems <removed> + - rubygems <unfixed> - jruby 9.1.17.0-1 (bug #895778) NOTE: https://github.com/rubygems/rubygems/commit/92e98bf8f810bd812f919120d4832df51bc25d83 NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/ @@ -37014,7 +37014,7 @@ CVE-2018-1000074 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 - ruby2.1 <removed> - ruby1.9.1 <removed> [wheezy] - ruby1.9.1 <no-dsa> (Minor issue, too intrusive to backport) - - rubygems <removed> + - rubygems <unfixed> [wheezy] - rubygems <no-dsa> (Minor issue) - jruby 9.1.17.0-1 (bug #895778) NOTE: https://github.com/rubygems/rubygems/commit/254e3d0ee873c008c0b74e8b8abcbdab4caa0a6d @@ -37026,7 +37026,7 @@ CVE-2018-1000073 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 - ruby2.1 <removed> - ruby1.9.1 <removed> [wheezy] - ruby1.9.1 <not-affected> (Vulnerable code not present) - - rubygems <removed> + - rubygems <unfixed> [wheezy] - rubygems <not-affected> (Vulnerable code not present) - jruby 9.1.17.0-2.1 (bug #895778; bug #925986) [jessie] - jruby <not-affected> (Vulnerable code not present) diff --git a/data/CVE/list.2019 b/data/CVE/list.2019 index 405a832c7d..da99914283 100644 --- a/data/CVE/list.2019 +++ b/data/CVE/list.2019 @@ -34466,7 +34466,7 @@ CVE-2019-8325 (An issue was discovered in RubyGems 2.6 and later through 3.0.2. - ruby2.5 2.5.5-1 - ruby2.3 <removed> - ruby2.1 <removed> - - rubygems <removed> + - rubygems <unfixed> - jruby 9.1.17.0-3 (bug #925987) NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/ NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html @@ -34476,7 +34476,7 @@ CVE-2019-8324 (An issue was discovered in RubyGems 2.6 and later through 3.0.2. - ruby2.5 2.5.5-1 - ruby2.3 <removed> - ruby2.1 <removed> - - rubygems <removed> + - rubygems <unfixed> - jruby 9.1.17.0-3 (bug #925987) NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/ NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html @@ -34486,7 +34486,7 @@ CVE-2019-8323 (An issue was discovered in RubyGems 2.6 and later through 3.0.2. - ruby2.5 2.5.5-1 - ruby2.3 <removed> - ruby2.1 <removed> - - rubygems <removed> + - rubygems <unfixed> - jruby 9.1.17.0-3 (bug #925987) NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/ NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html @@ -34496,7 +34496,7 @@ CVE-2019-8322 (An issue was discovered in RubyGems 2.6 and later through 3.0.2. - ruby2.5 2.5.5-1 - ruby2.3 <removed> - ruby2.1 <removed> - - rubygems <removed> + - rubygems <unfixed> - jruby 9.1.17.0-3 (bug #925987) NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/ NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html @@ -34507,7 +34507,7 @@ CVE-2019-8321 (An issue was discovered in RubyGems 2.6 and later through 3.0.2. - ruby2.3 <removed> - ruby2.1 <removed> [jessie] - ruby2.1 <not-affected> (Vulnerable code introduced later) - - rubygems <removed> + - rubygems <unfixed> - jruby 9.1.17.0-3 (bug #925987) NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/ NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html @@ -34517,7 +34517,7 @@ CVE-2019-8320 (A Directory Traversal issue was discovered in RubyGems 2.7.6 and - ruby2.5 2.5.5-1 - ruby2.3 <removed> - ruby2.1 <removed> - - rubygems <removed> + - rubygems <unfixed> - jruby 9.1.17.0-3 (bug #925987) [jessie] - jruby <not-affected> (Vulnerable code introduced later) NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/ |