Adds additional backdoored gems. #409
Thanks so much for the work! There are a few things that need to be fixed before this can be landed, but really do appreciate your efforts so far.
I've commented on a few things only on specific gems, but most of my comments apply to all the entries, so please correct all of them in your next update.
Also, not sure why Travis CI passed on a few of these, as there are problems. Should look into that.
RE: Travis CI passing them, a handful of the issues (positioning of CVE and ghsa tags in particular) stem from the GHSA sync tool's default. We may want to investigate adjusting the tool's output.
Thanks @ingemar, broken links are fixed.
d943de7 to a5a036d
Got your comments covered, @reedloden. phew
Squash commits re: CVE-2019-15224 addition
Fix formatting. rspec all green now.
First pass at CVE-2019-* GHSA sync
Address @reedloden's PR comments.
Update gems/awesome-bot/CVE-2019-15224.yml Co-Authored-By: ingemar <ingemar@xox.se>
Update gems/bitcoin_vanity/CVE-2019-15224.yml Co-Authored-By: ingemar <ingemar@xox.se>
Fix incorrect links
Update titles for CVE-2019-15224 related entries.
Update description
Remove redundant reference.
Fix GHSA formatting
fix GHSA formatting
List versions consistently.
Fix GHSA formatting
Add better reference
Multiple changes: - Update reference URL - Update description - Move CVE and CVSS entries
Multiple Changes: - Moved CVE & CVSS entries - Changed reference URL - Fixed version formatting - Reformatted description
Update reference URL
Add GHSA, fix description.
Spaces > Tabs Fight me.
Spaces > Tabs Fight me.
Spaces > Tabs Change my mind.
I downloaded this PR locally, made some edits, and just merged this to master. It didn't close the PR for some reason, but this has been landed! Thank you so much, @jjarmoc, for all the hard work on this. Really do appreciate it! This project would not survive without all the volunteer contributors such as yourself.
This PR adds additional gems affected by CVE-2019-15224 following GHSA's lead by including them under a single CVE and GHSA ID.
I've also included updates for all CVE-2019-* advisories added to GHSA since last sync.
There are a few more (older) GHSA vulns to be sync'd over yet.