Secure testing commits - Mar 2011 - r16272 - in data: . CVE

Author: jmm
Date: 2011-03-01 08:48:47 +0000 (Tue, 01 Mar 2011)
New Revision: 16272

Modified:
   data/CVE/list
   data/ospu-candidates.txt
   data/spu-candidates.txt
Log:
ruby fixed/not-affected/no-dsa


Modified: data/CVE/list
==================================================================---
data/CVE/list	2011-03-01 08:38:36 UTC (rev 16271)
+++ data/CVE/list	2011-03-01 08:48:47 UTC (rev 16272)
@@ -280,16 +280,20 @@
 	RESERVED
 CVE-2011-1005 [Ruby Exception methods can bypass $SAFE]
 	RESERVED
-	- ruby1.8 1.8.7.334-1
-	- ruby1.9 <removed>
-	- ruby1.9.1 <unfixed>
-	TODO: check
+	- ruby1.8 1.8.7.334-1 (bug #615517)
+	[lenny] - ruby1.8 <no-dsa> (Minor issue)
+	[squeeze] - ruby1.8 <no-dsa> (Minor issue)
+	- ruby1.9 <not-affected>
+	- ruby1.9.1 <not-affected>
 CVE-2011-1004 [Ruby FileUtils.remove_entry_secure symlink attack]
 	RESERVED
-	- ruby1.8 1.8.7.334-1
-	- ruby1.9 <removed>
-	- ruby1.9.1 <unfixed>
-	TODO: check
+	- ruby1.8 1.8.7.334-1 (bug #615518)
+	[lenny] - ruby1.8 <no-dsa> (Minor issue)
+	[squeeze] - ruby1.8 <no-dsa> (Minor issue)
+	- ruby1.9 <removed> (bug #615519)
+	[lenny] - ruby1.9 <no-dsa> (Minor issue)
+	[squeeze] - ruby1.9 <no-dsa> (Minor issue)
+	- ruby1.9.1 1.9.2.180-1 (bug #615519)
 CVE-2011-1003 (Double free vulnerability in the vba_read_project_strings
function in ...)
 	- clamav 0.97+dfsg-1
 	[lenny] - clamav <end-of-life>

Modified: data/ospu-candidates.txt
==================================================================---
data/ospu-candidates.txt	2011-03-01 08:38:36 UTC (rev 16271)
+++ data/ospu-candidates.txt	2011-03-01 08:48:47 UTC (rev 16272)
@@ -504,11 +504,13 @@
 
 --
 
-ruby1.8 (CVE-2010-0541)
+ruby1.8 (CVE-2010-0541, CVE-2011-1004, CVE-2011-1005)
+#615517, #615518
 
 --
 
-ruby1.9 (CVE-2010-0541)
+ruby1.9 (CVE-2010-0541, CVE-2011-1004)
+#615519
 
 --
 

Modified: data/spu-candidates.txt
==================================================================---
data/spu-candidates.txt	2011-03-01 08:38:36 UTC (rev 16271)
+++ data/spu-candidates.txt	2011-03-01 08:48:47 UTC (rev 16272)
@@ -69,6 +69,16 @@
 
 --
 
+ruby1.8 (CVE-2011-1004, CVE-2011-1005)
+#615517, #615518
+
+--
+
+ruby1.9 (CVE-2011-10045B)
+#615519
+
+--
+
 stunnel (CVE-2011-XXXX)
 http://www.stunnel.org/?page=sdf_ChangeLog (v4.35)