Commit ad3459ad authored by Freexian Bot's avatar Freexian Bot
parents e4e99451 d5e815a3
...@@ -44617,10 +44617,14 @@ CVE-2018-12030 (Chevereto Free before 1.0.13 has XSS. ...) ...@@ -44617,10 +44617,14 @@ CVE-2018-12030 (Chevereto Free before 1.0.13 has XSS. ...)
NOT-FOR-US: Chevereto Free NOT-FOR-US: Chevereto Free
CVE-2018-12029 (A race condition in the nginx module in Phusion Passenger 3.x through ...) CVE-2018-12029 (A race condition in the nginx module in Phusion Passenger 3.x through ...)
{DLA-1399-1} {DLA-1399-1}
- passenger <unfixed> (bug #921767) - passenger <unfixed> (bug #921767; unimportant)
- ruby-passenger <removed> - ruby-passenger <removed> (unimportant)
NOTE: https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/ NOTE: https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
NOTE: https://github.com/phusion/passenger/commit/207870f5b7f5cc240587ab0977d6046782ae1d86 NOTE: https://github.com/phusion/passenger/commit/207870f5b7f5cc240587ab0977d6046782ae1d86 (release-5.3.2)
NOTE: unimportant as nginx module not built.
NOTE: Related hardening commits:
NOTE: https://github.com/phusion/passenger/commit/9ed61bb4641ba1f5158fca3840d4e4088805b5af (release-5.3.2)
NOTE: https://github.com/phusion/passenger/commit/4f663c8246f529e32575d50196d11cde12a6dfda (release-5.3.3)
NOTE: https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc NOTE: https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc
CVE-2018-12028 (An Incorrect Access Control vulnerability in SpawningKit in Phusion ...) CVE-2018-12028 (An Incorrect Access Control vulnerability in SpawningKit in Phusion ...)
- passenger <not-affected> (Introduced in 5.3.0 with major refactoring of SpawningKit) - passenger <not-affected> (Introduced in 5.3.0 with major refactoring of SpawningKit)
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment