Merge branch 'v1-5-3' into benchmark
Showing
50 changed files
with
1,503 additions
and
62 deletions.
@@ -1,8 +1,15 @@ | ||
language: ruby | ||
rvm: | ||
- 2.3.0 | ||
- 2.2.3 | ||
- 2.1.0 | ||
- 2.0.0 | ||
- 1.9.3 | ||
- ruby-head | ||
- rbx | ||
notifications: | ||
webhooks: | ||
urls: | ||
- https://webhooks.gitter.im/e/968de5e2c7eb03759e38 | ||
on_success: change # options: [always|never|change] default: always | ||
on_failure: always # options: [always|never|change] default: always | ||
on_start: never # options: [always|never|change] default: always |
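Review bot: The gitter webhook URL on the `urls:` line embeds what looks like a room-specific token (`968de5e2c7eb03759e38`) in plaintext; anyone who can read this repository can post into that notification channel with it. Travis can encrypt notification settings, so I would replace the literal with `- secure: "<ciphertext from travis encrypt>"` and rotate the current token. Which of the displayed lines are additions is not recoverable from this rendering, but the point stands for the file as merged. Separately, `ruby-head` and `rbx` are floating targets whose failures are not reproducible; consider listing them under `matrix: allow_failures:` so an interpreter break does not mask a real regression in the pinned versions.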
|
@@ -13,4 +13,4 @@ | |
# | "Guido" | x.x.0 | | ||
# | "Luigi" | x.x.0 | | ||
# | "Doc Hudson" | x.x.0 | | ||
1.5.0 - Tow Mater | ||
1.5.2 - Tow Mater |
@@ -0,0 +1 @@ | ||
cf4452f73eebf4d51e6c7116be78ab835f05157d |
@@ -0,0 +1 @@ | ||
632579913def064e10c4d6c76cb722140bcb5925 |
@@ -0,0 +1,30 @@ | ||
module Dawn | ||
module Kb | ||
# Automatically created with rake on 2016-02-01 | ||
class CVE_2015_5312 | ||
include DependencyCheck | ||
|
||
def initialize | ||
message = "The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660." | ||
super({ | ||
:title=>title, | ||
:name=> "CVE-2015-5312", | ||
:cve=>"2015-5312", | ||
:osvdb=>"", | ||
:cvss=>"AV:N/AC:M/Au:N/C:N/I:N/A:C", | ||
:release_date => Date.new(2015, 12, 15), | ||
:cwe=>"119", | ||
:owasp=>"A9", | ||
:applies=>["rails", "sinatra", "padrino"], | ||
:kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK, | ||
:message=>message, | ||
:mitigation=>"Please upgrade nokogiri gem to version 1.6.7.1 or later.", | ||
:aux_links=>["https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s"] | ||
}) | ||
|
||
self.safe_dependencies = [{:name=>"nokogiri", :version=>['1.6.7.1']}] | ||
self.not_affected = {:name=>"nokogiri", :version=>['1.5.x', '1.4.x', '1.3.x', '1.1.x', '1.0.x', '0.x.x']} | ||
end | ||
end | ||
end | ||
end |
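Review bot: `self.not_affected` on the second-to-last assignment declares every nokogiri 1.5.x and older release unaffected, but the flaw described in `message` is in libxml2 before 2.9.3, not in nokogiri itself; those older gems link against whatever libxml2 is present (bundled or system), so if `not_affected` suppresses findings as its name suggests, an application pinned to 1.5.x can be vulnerable and this check stays silent. The converse also holds for 1.6.7.1: a build with `--use-system-libraries` against an older libxml2 remains exposed even though the gem version passes. I would drop the `not_affected` entries, or at least add `# NOTE: libxml2 is the vulnerable component; the gem version is only a proxy — builds against system libxml2 must check that library is >= 2.9.3` above the assignments and say the same in `:mitigation`. How DependencyCheck interprets `not_affected` is inferred from the name here; confirm against the mixin.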
@@ -0,0 +1,32 @@ | ||
module Dawn | ||
module Kb | ||
# Automatically created with rake on 2016-02-02 | ||
class CVE_2015_7497 | ||
# Include the testing skeleton for this CVE | ||
include DependencyCheck | ||
|
||
def initialize | ||
message ="Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors." | ||
super({ | ||
:title=>title, | ||
:name=> "CVE-2015-7497", | ||
:cve=>"2015-7497", | ||
:osvdb=>"", | ||
:cvss=>"AV:N/AC:L/Au:N/C:N/I:N/A:P", | ||
:release_date => Date.new(2015, 12, 15), | ||
:cwe=>"119", | ||
:owasp=>"A9", | ||
:applies=>["rails", "sinatra", "padrino"], | ||
:kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK, | ||
:message=>message, | ||
:mitigation=>"Please upgrade nokogiri gem to version 1.6.7.1 or later.", | ||
:aux_links=>["https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s"] | ||
}) | ||
|
||
self.safe_dependencies = [{:name=>"nokogiri", :version=>['1.6.7.1']}] | ||
self.not_affected = {:name=>"nokogiri", :version=>['1.5.x', '1.4.x', '1.3.x', '1.1.x', '1.0.x', '0.x.x']} | ||
|
||
end | ||
end | ||
end | ||
end |
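Review bot: `:title=>title` inside the `super({...})` hash refers to a name that is never assigned in `initialize`; unless `DependencyCheck` supplies a `title` reader this raises NameError at construction, and if it does supply one the value is simply nil here, so the key carries no information. Either drop the `:title` entry or set it explicitly, e.g. `:title=>"CVE-2015-7497"`. The five nokogiri entries in this commit also repeat identical `safe_dependencies`, `not_affected`, `:mitigation` and `:aux_links` values; a shared frozen constant in `Dawn::Kb` (e.g. `NOKOGIRI_LIBXML2_293_SAFE = [{:name=>"nokogiri", :version=>['1.6.7.1']}].freeze`) would keep the copies from drifting when the next libxml2 advisory lands.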
@@ -0,0 +1,32 @@ | ||
module Dawn | ||
module Kb | ||
# Automatically created with rake on 2016-02-02 | ||
class CVE_2015_7498 | ||
# Include the testing skeleton for this CVE | ||
include DependencyCheck | ||
|
||
def initialize | ||
message = "Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure." | ||
super({ | ||
:title=>title, | ||
:name=> "CVE-2015-7498", | ||
:cve=>"2015-7498", | ||
:osvdb=>"", | ||
:cvss=>"AV:N/AC:L/Au:N/C:N/I:N/A:P", | ||
:release_date => Date.new(2015, 12, 15), | ||
:cwe=>"119", | ||
:owasp=>"A9", | ||
:applies=>["rails", "sinatra", "padrino"], | ||
:kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK, | ||
:message=>message, | ||
:mitigation=>"Please upgrade nokogiri gem to version 1.6.7.1 or later.", | ||
:aux_links=>["https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s"] | ||
}) | ||
|
||
self.safe_dependencies = [{:name=>"nokogiri", :version=>['1.6.7.1']}] | ||
self.not_affected = {:name=>"nokogiri", :version=>['1.5.x', '1.4.x', '1.3.x', '1.1.x', '1.0.x', '0.x.x']} | ||
|
||
end | ||
end | ||
end | ||
end |
@@ -0,0 +1,32 @@ | ||
module Dawn | ||
module Kb | ||
# Automatically created with rake on 2016-02-02 | ||
class CVE_2015_7499 | ||
# Include the testing skeleton for this CVE | ||
include DependencyCheck | ||
|
||
def initialize | ||
message="Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors." | ||
super({ | ||
:title=>title, | ||
:name=> "CVE-2015-7499", | ||
:cve=>"2015-7499", | ||
:osvdb=>"", | ||
:cvss=>"AV:N/AC:L/Au:N/C:P/I:N/A:N", | ||
:release_date => Date.new(2015, 12, 15), | ||
:cwe=>"119", | ||
:owasp=>"A9", | ||
:applies=>["rails", "sinatra", "padrino"], | ||
:kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK, | ||
:message=>message, | ||
:mitigation=>"Please upgrade nokogiri gem to version 1.6.7.1 or later.", | ||
:aux_links=>["https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s"] | ||
}) | ||
|
||
self.safe_dependencies = [{:name=>"nokogiri", :version=>['1.6.7.1']}] | ||
self.not_affected = {:name=>"nokogiri", :version=>['1.5.x', '1.4.x', '1.3.x', '1.1.x', '1.0.x', '0.x.x']} | ||
|
||
end | ||
end | ||
end | ||
end |
@@ -0,0 +1,32 @@ | ||
module Dawn | ||
module Kb | ||
# Automatically created with rake on 2016-02-02 | ||
class CVE_2015_7500 | ||
# Include the testing skeleton for this CVE | ||
include DependencyCheck | ||
|
||
def initialize | ||
message = "The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags." | ||
super({ | ||
:title=>title, | ||
:name=> "CVE-2015-7500", | ||
:cve=>"2015-7500", | ||
:osvdb=>"", | ||
:cvss=>"AV:N/AC:L/Au:N/C:N/I:N/A:P", | ||
:release_date => Date.new(2015, 12, 15), | ||
:cwe=>"119", | ||
:owasp=>"A9", | ||
:applies=>["rails", "sinatra", "padrino"], | ||
:kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK, | ||
:message=>message, | ||
:mitigation=>"Please upgrade nokogiri gem to version 1.6.7.1 or later.", | ||
:aux_links=>["https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s"] | ||
}) | ||
|
||
self.safe_dependencies = [{:name=>"nokogiri", :version=>['1.6.7.1']}] | ||
self.not_affected = {:name=>"nokogiri", :version=>['1.5.x', '1.4.x', '1.3.x', '1.1.x', '1.0.x', '0.x.x']} | ||
|
||
end | ||
end | ||
end | ||
end |
@@ -0,0 +1,31 @@ | ||
module Dawn | ||
module Kb | ||
# Automatically created with rake on 2016-02-02 | ||
class CVE_2015_7519 | ||
# Include the testing skeleton for this CVE | ||
include DependencyCheck | ||
|
||
def initialize | ||
message ="agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X_User header." | ||
super({ | ||
:title=>title, | ||
:name=> "CVE-2015-7519", | ||
:cve=>"2015-7519", | ||
:osvdb=>"", | ||
:cvss=>"AV:N/AC:M/Au:N/C:N/I:P/A:N", | ||
:release_date => Date.new(2016, 1, 8), | ||
:cwe=>"119", | ||
:owasp=>"A9", | ||
:applies=>["rails", "sinatra", "padrino"], | ||
:kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK, | ||
:message=>message, | ||
:mitigation=>"Please upgrade passenger gem to version 4.0.60, 5.0.22 or later.", | ||
:aux_links=>["https://blog.phusion.nl/2015/12/07/cve-2015-7519/"] | ||
}) | ||
|
||
self.safe_dependencies = [{:name=>"passenger", :version=>['4.0.60', '5.0.22']}] | ||
|
||
end | ||
end | ||
end | ||
end |
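Review bot: `:cwe=>"119"` classifies this entry as a memory-buffer bounds error, but the `message` a few lines above describes HTTP header spoofing through `_`/`-` normalization, which is an input-validation/request-handling weakness; the value looks copied from the libxml2 entries and should be checked against the NVD record (CWE-20 is the likelier fit). The message also limits the issue to Apache integration mode or standalone mode without a filtering proxy, yet the gem-version check fires for any `passenger` dependency, so nginx-integration deployments will get a finding they cannot act on; a comment such as `# NOTE: only Apache/standalone-without-proxy modes are affected; deployment mode is not visible to a Gemfile check, so expect false positives under nginx` above `safe_dependencies` would set expectations. `:release_date` (2016-01-08) postdates the linked advisory (2015-12-07); presumably it is the NVD publication date, which is worth a word in a comment so the two do not read as contradictory.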