Commit c62859c0 authored by Salvatore Bonaccorso's avatar Salvatore Bonaccorso

Mark CVE-2018-12029/passenger as unimportant

The nginx module is actually not build and thus the passenger binary
packages built not affected by the issue.
parent 44448fd2
......@@ -44587,10 +44587,11 @@ CVE-2018-12030 (Chevereto Free before 1.0.13 has XSS. ...)
NOT-FOR-US: Chevereto Free
CVE-2018-12029 (A race condition in the nginx module in Phusion Passenger 3.x through ...)
{DLA-1399-1}
- passenger <unfixed> (bug #921767)
- ruby-passenger <removed>
- passenger <unfixed> (bug #921767; unimportant)
- ruby-passenger <removed> (unimportant)
NOTE: https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
NOTE: https://github.com/phusion/passenger/commit/207870f5b7f5cc240587ab0977d6046782ae1d86
NOTE: unimportant as nginx module not built.
CVE-2018-12028 (An Incorrect Access Control vulnerability in SpawningKit in Phusion ...)
- passenger <not-affected> (Introduced in 5.3.0 with major refactoring of SpawningKit)
- ruby-passenger <not-affected> (Introduced in 5.3.0 with major refactoring of SpawningKit)
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment