Skip to content

Commits on Source 4

Show whitespace changes
Inline Side-by-side
data/CVE/list
View file @ d5e815a3
......@@ -44617,10 +44617,14 @@ CVE-2018-12030 (Chevereto Free before 1.0.13 has XSS. ...)
NOT-FOR-US: Chevereto Free
CVE-2018-12029 (A race condition in the nginx module in Phusion Passenger 3.x through ...)
{DLA-1399-1}
- passenger <unfixed> (bug #921767)
- ruby-passenger <removed>
- passenger <unfixed> (bug #921767; unimportant)
- ruby-passenger <removed> (unimportant)
NOTE: https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
NOTE: https://github.com/phusion/passenger/commit/207870f5b7f5cc240587ab0977d6046782ae1d86
NOTE: https://github.com/phusion/passenger/commit/207870f5b7f5cc240587ab0977d6046782ae1d86 (release-5.3.2)
NOTE: unimportant as nginx module not built.
NOTE: Related hardening commits:
NOTE: https://github.com/phusion/passenger/commit/9ed61bb4641ba1f5158fca3840d4e4088805b5af (release-5.3.2)
NOTE: https://github.com/phusion/passenger/commit/4f663c8246f529e32575d50196d11cde12a6dfda (release-5.3.3)
NOTE: https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc
CVE-2018-12028 (An Incorrect Access Control vulnerability in SpawningKit in Phusion ...)
- passenger <not-affected> (Introduced in 5.3.0 with major refactoring of SpawningKit)