Author: gilbert-guest Date: 2010-01-25 03:01:25 +0000 (Mon, 25 Jan 2010) New Revision: 13913 Modified: data/CVE/list Log: ruby issue is already in the tracker Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-01-25 02:58:08 UTC (rev 13912) +++ data/CVE/list 2010-01-25 03:01:25 UTC (rev 13913) @@ -22,10 +22,6 @@ - phpbb2 <removed> NOTE: http://www.openwall.com/lists/oss-security/2010/01/16/2 TODO: check -CVE-2010-XXXX [ruby: escape sequence injection] - - ruby1.9.1 1.9.1.378-1 (medium; bug #564646) - - ruby1.9 <unfixed> (medium; bug #564647) - - ruby1.8 <unfixed> (medium; bug #564598) CVE-2010-0379 (Multiple unspecified vuilnerabilities in the Macromedia Flash ActiveX ...) TODO: check CVE-2010-0378 (Use-after-free vulnerability in Adobe Flash Player 6.0.79, as ...) @@ -950,8 +946,8 @@ NOT-FOR-US: Orion httpd CVE-2009-4492 (WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through ...) - ruby1.8 1.8.7.249-1 (unimportant; bug #564598) - - ruby1.8 1.8.7.249-1 (unimportant; bug #564598) - ruby1.9 <unfixed> (unimportant; bug #564647) + - ruby1.9.1 1.9.1.378-1 (medium; bug #564646) NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487 NOTE: same as CVE-2009-4487 CVE-2009-4491 (thttpd 2.25b0 writes data to a log file without sanitizing ...)