nion at alioth.debian.org
2009-Jan-15 18:39 UTC
[Secure-testing-commits] r10963 - data/CVE
Author: nion
Date: 2009-01-15 18:39:53 +0000 (Thu, 15 Jan 2009)
New Revision: 10963
Modified:
data/CVE/list
Log:
CVE-2008-3443 fixed in ruby1.9 1.9.0.2-9
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-01-15 18:11:21 UTC (rev 10962)
+++ data/CVE/list 2009-01-15 18:39:53 UTC (rev 10963)
@@ -6216,8 +6216,10 @@
CVE-2008-3443 (The regular expression engine (regex.c) in Ruby 1.8.5 and
earlier, ...)
{DSA-1695-1}
- ruby1.8 1.8.7.72-1 (low; bug #494401)
- - ruby1.9 <unfixed> (low)
+ - ruby1.9 1.9.0.2-9 (low)
NOTE: Upstream commits 18212 (for 1.8) and 18213 (for 1.9).
+ NOTE: this specific problem does not exist in ruby1.9 but a very similar
problem
+ NOTE: that has been fixed in this version (308_regexp_segv.dpatch)
CVE-2008-3442 (WinZip before 11.0 does not properly verify the authenticity of
...)
NOT-FOR-US: WinZip
CVE-2008-3441 (Nullsoft Winamp before 5.24 does not properly verify the
authenticity ...)