[Git][security-tracker-team/security-tracker][master] dla: add ruby-nokogiri following conversation with initial triager

Sat Apr 3 15:21:03 BST 2021


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
65eb762a by Sylvain Beucler at 2021-04-03T16:20:37+02:00
dla: add ruby-nokogiri following conversation with initial triager

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -128,6 +128,10 @@ ruby-kaminari
   NOTE: 20201009: This (↑) is an app-level patch for a rails app. A library-level patch
   NOTE: 20201009: will needed to be written. Opened an issue at upstream, though somewhat inactive. (utkarsh)
 --
+ruby-nokogiri
+  NOTE: 20210403: CVE-2020-26247: Java-level API not included in stretch but CVE also affects C/Ruby-level APIs;
+  NOTE: 20210403: check if default change (trust -> don't trust external schemas) possibly breaks compatibility (Beuc)
+--
 salt (Utkarsh)
   NOTE: 20210329: WIP (utkarsh)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65eb762a4cf7417f9bec08ab6a945d078684642d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65eb762a4cf7417f9bec08ab6a945d078684642d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210403/073ac4f5/attachment.htm>
