| Path | csiph.com!fu-berlin.de!news.servidellagleba.it!bofh.it!news.nic.it!robomod |
|---|---|
| From | Tobias Frost <tobi@debian.org> |
| Newsgroups | linux.debian.security |
| Subject | Re: CVE-2023-33460, ruby-yajl affected? |
| Date | Wed, 05 Jul 2023 18:20:01 +0200 |
| Message-ID | <GOdot-3ap1-5@gated-at.bofh.it> (permalink) |
| References | <GO2Mp-33D9-5@gated-at.bofh.it> <GO79n-36vc-7@gated-at.bofh.it> |
| X-Mailing-List | <debian-security@lists.debian.org> archive/latest/29403 |
| List-ID | <debian-security.lists.debian.org> |
| List-URL | <https://lists.debian.org/debian-security/> |
| List-Archive | https://lists.debian.org/msgid-search/ZKWSxtlwhX5kpx+B@isildor.loewenhoehle.ip |
| X-Original-Date | Wed, 5 Jul 2023 17:56:54 +0200 |
| X-Original-Message-ID | <ZKWSxtlwhX5kpx+B@isildor.loewenhoehle.ip> |
On Wed, Jul 05, 2023 at 09:06:15AM +0000, Bastien Roucariès wrote:
> On Wednesday, 5 July 2023, 04:52:48 UTC, Anton Gladky wrote:
> > Hello,
> >
> > I am looking into CVE-2023-33460 and I am not sure that ruby-yajl
> > is affected. There is no direct dependency on yajl, where the vulnerability
> > was detected.
> ruby-yajl includes an old version of yajl 1.01.12
>
> The vuln code was introduced by https://github.com/lloyd/yajl/commit/cfa9f8fcb12d80dd5ebf94f5e6a607aab4d225fb in version 2.1.0 in 2010

This matches my investigation, however, a small correction:
This commit is already part of version 2.0.0.

I've added a note in data/CVE/list accordingly.

-- 
Cheers,
tobi
CVE-2023-33460, ruby-yajl affected? Anton Gladky <gladk@debian.org> - 2023-07-05 07:00 +0200
Re: CVE-2023-33460, ruby-yajl affected? Bastien Roucariès <bastien.roucaries@cyu.fr> - 2023-07-05 11:40 +0200
Re: CVE-2023-33460, ruby-yajl affected? Tobias Frost <tobi@debian.org> - 2023-07-05 18:20 +0200
Re: CVE-2023-33460, ruby-yajl affected? Anton Gladky <gladk@debian.org> - 2023-07-06 06:30 +0200