Skip to content
GitLab
Explore
Sign in
Register
Commits on Source (3)
Notes/fixed by for ruby's issues: CVE-2018-6914 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780
· 2fca27b8
Santiago R.R.
authored
Apr 04, 2018
Signed-off-by:
Santiago R.R
<
santiagorr@riseup.net
>
2fca27b8
Merge remote-tracking branch 'refs/remotes/origin/master'
· fae6a38a
Santiago R.R.
authored
Apr 04, 2018
fae6a38a
Merge remote-tracking branch 'refs/remotes/origin/master'
· a1bf3923
Santiago R.R.
authored
Apr 04, 2018
a1bf3923
Show whitespace changes
Inline
Side-by-side
data/CVE/list
View file @
a1bf3923
...
...
@@ -1304,18 +1304,26 @@ CVE-2018-8780 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.
- ruby2.1 <removed>
- ruby1.9.1 <removed>
NOTE: https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/
NOTE: https://hackerone.com/reports/302338
NOTE: Fixed by: https://github.com/ruby/ruby/commit/bd5661a3cbb38a8c3a3ea10cd76c88bbef7871b8
NOTE: Fixed by: https://github.com/ruby/ruby/commit/143eb22f1877815dd802f7928959c5f93d4c7bb3 (2.2.10)
CVE-2018-8779 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...)
- ruby2.5 2.5.1-1
- ruby2.3 <unfixed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
NOTE: https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/
NOTE: https://hackerone.com/reports/302997
NOTE: Fixed by: https://github.com/ruby/ruby/commit/8794dec6a5f11adc5cdd19a5ee91ea6b0816763f
NOTE: Fixed by: https://github.com/ruby/ruby/commit/47165eed264d357e78e27371cfef20d5c2bde5d9 (2.2.10)
CVE-2018-8778 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...)
- ruby2.5 2.5.1-1
- ruby2.3 <unfixed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
NOTE: https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/
NOTE: https://hackerone.com/reports/298246
NOTE: Fixed by: https://github.com/ruby/ruby/commit/4cd92d7b13002161a3452a0fe278b877901a8859 (2.2.10)
CVE-2018-8777 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...)
- ruby2.5 2.5.1-1
- ruby2.3 <unfixed>
...
...
@@ -6367,6 +6375,9 @@ CVE-2018-6914 (Directory traversal vulnerability in the Dir.mktmpdir method in t
- ruby2.1 <removed>
- ruby1.9.1 <removed>
NOTE: https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/
NOTE: https://hackerone.com/reports/302298
NOTE: Fixed by: https://github.com/ruby/ruby/commit/10b96900b90914b0cc1dba36f9736c038db2859d
NOTE: Fixed by: https://github.com/ruby/ruby/commit/e9ddf2ba41a0bffe1047e33576affd48808c5d0b (2.2.10)
CVE-2018-1000063
REJECTED
CVE-2017-18179 (Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring ...)
Santiago R.R <santiagorr@riseup.net>
Santiago R.R <santiagorr@riseup.net>