Commit ad39d5ae authored by Salvatore Bonaccorso's avatar Salvatore Bonaccorso

Add related commits to CVE-2019-12029

Upstream included 9ed61bb4641b ("Ruby code: use {f,l}{chmod,chown} where
possible to protect against symlink attacks") in the 5.3.2 release which
can be seen as hardening which relates to the nginx module issue.
parent 7fc724ea
......@@ -44592,6 +44592,9 @@ CVE-2018-12029 (A race condition in the nginx module in Phusion Passenger 3.x th
NOTE: https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
NOTE: https://github.com/phusion/passenger/commit/207870f5b7f5cc240587ab0977d6046782ae1d86 (release-5.3.2)
NOTE: unimportant as nginx module not built.
NOTE: Related hardening commits:
NOTE: https://github.com/phusion/passenger/commit/9ed61bb4641ba1f5158fca3840d4e4088805b5af (release-5.3.2)
NOTE: https://github.com/phusion/passenger/commit/4f663c8246f529e32575d50196d11cde12a6dfda (release-5.3.3)
CVE-2018-12028 (An Incorrect Access Control vulnerability in SpawningKit in Phusion ...)
- passenger <not-affected> (Introduced in 5.3.0 with major refactoring of SpawningKit)
- ruby-passenger <not-affected> (Introduced in 5.3.0 with major refactoring of SpawningKit)
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment