From 96061d6a437070621a681323b72dbdc7f27670e0 Mon Sep 17 00:00:00 2001
From: Sho Hashimoto
Date: Thu, 31 Aug 2017 13:06:38 +0900
Subject: [PATCH] Add RubyGems's vulnerabilities fixed by 2.6.13.
---
 libraries/rubygems/CVE-2017-0899.yml | 11 +++++++++++
 libraries/rubygems/CVE-2017-0900.yml | 11 +++++++++++
 libraries/rubygems/CVE-2017-0901.yml | 11 +++++++++++
 libraries/rubygems/CVE-2017-0902.yml | 11 +++++++++++
 4 files changed, 44 insertions(+)
 create mode 100644 libraries/rubygems/CVE-2017-0899.yml
 create mode 100644 libraries/rubygems/CVE-2017-0900.yml
 create mode 100644 libraries/rubygems/CVE-2017-0901.yml
 create mode 100644 libraries/rubygems/CVE-2017-0902.yml
diff --git a/libraries/rubygems/CVE-2017-0899.yml b/libraries/rubygems/CVE-2017-0899.yml
new file mode 100644
index 0000000000..4a9f1151dd
--- /dev/null
+++ b/libraries/rubygems/CVE-2017-0899.yml
@@ -0,0 +1,11 @@
+---
+library: rubygems
+cve: 2017-0899
+url: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
+title: |
+ an ANSI escape sequence vulnerability.
+date: 2017-08-27
+description: |
+ an ANSI escape sequence vulnerability.
+patched_versions:
+ - ">= 2.6.13"
diff --git a/libraries/rubygems/CVE-2017-0900.yml b/libraries/rubygems/CVE-2017-0900.yml
new file mode 100644
index 0000000000..f5236a82ca
--- /dev/null
+++ b/libraries/rubygems/CVE-2017-0900.yml
@@ -0,0 +1,11 @@
+---
+library: rubygems
+cve: 2017-0900
+url: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
+title: |
+ A DoS vulnerability in the query command.
+date: 2017-08-27
+description: |
+ A DoS vulnerability in the query command.
+patched_versions:
+ - ">= 2.6.13"
diff --git a/libraries/rubygems/CVE-2017-0901.yml b/libraries/rubygems/CVE-2017-0901.yml
new file mode 100644
index 0000000000..82ced8883f
--- /dev/null
+++ b/libraries/rubygems/CVE-2017-0901.yml
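Review bot: `title: |` in CVE-2017-0899.yml makes the title a literal block scalar, so the parsed value ends in a newline and any tool that prints the title on one line gets a stray line break. A plain scalar fits a one-line title better, for example `title: An ANSI escape sequence vulnerability.` The same `title: |` form is used in CVE-2017-0900.yml, CVE-2017-0901.yml and CVE-2017-0902.yml. This entry also starts its title and description with a lowercase "an" while the other three are capitalised.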
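Review bot: The `url` in CVE-2017-0900.yml points at the release announcement over plain `http://`, so a reader following the advisory to the upgrade instructions has no integrity protection on that page. Assuming the blog is also served over TLS, prefer `url: https://blog.rubygems.org/2017/08/27/2.6.13-released.html`. The other three files added by this patch carry the same URL.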
@@ -0,0 +1,11 @@
+---
+library: rubygems
+cve: 2017-0901
+url: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
+title: |
+ A vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files.
+date: 2017-08-27
+description: |
+ A vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files.
+patched_versions:
+ - ">= 2.6.13"
diff --git a/libraries/rubygems/CVE-2017-0902.yml b/libraries/rubygems/CVE-2017-0902.yml
new file mode 100644
index 0000000000..b797ad390a
--- /dev/null
+++ b/libraries/rubygems/CVE-2017-0902.yml
@@ -0,0 +1,11 @@
+---
+library: rubygems
+cve: 2017-0902
+url: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
+title: |
+ A DNS request hijacking vulnerability.
+date: 2017-08-27
+description: |
+ A DNS request hijacking vulnerability.
+patched_versions:
+ - ">= 2.6.13"
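Review bot: The `description` in CVE-2017-0901.yml is a copy of the title and the record has no severity field, so a consumer of the database cannot tell that an arbitrary file overwrite at install time deserves more urgency than the escape-sequence or DoS entries from the same release. I would expand the description with the precondition and impact as stated in the linked announcement, and say that upgrading to 2.6.13 is the remediation. If the schema in use supports it, also add a score line such as `cvss_v3: <score from the CVE record>`. The title/description duplication is the same in CVE-2017-0899.yml, CVE-2017-0900.yml and CVE-2017-0902.yml.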