Commit ad39d5ae authored by Salvatore Bonaccorso's avatar Salvatore Bonaccorso

Add related commits to CVE-2019-12029

Upstream included 9ed61bb4641b ("Ruby code: use {f,l}{chmod,chown} where
possible to protect against symlink attacks") in the 5.3.2 release which
can be seen as hardening which relates to the nginx module issue.
parent 7fc724ea
......@@ -44592,6 +44592,9 @@ CVE-2018-12029 (A race condition in the nginx module in Phusion Passenger 3.x th
NOTE: (release-5.3.2)
NOTE: unimportant as nginx module not built.
NOTE: Related hardening commits:
NOTE: (release-5.3.2)
NOTE: (release-5.3.3)
CVE-2018-12028 (An Incorrect Access Control vulnerability in SpawningKit in Phusion ...)
- passenger <not-affected> (Introduced in 5.3.0 with major refactoring of SpawningKit)
- ruby-passenger <not-affected> (Introduced in 5.3.0 with major refactoring of SpawningKit)
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment