Bug#686867: jruby: CVE-2011-4838
Moritz Mühlenhoff
jmm at inutil.org
Tue Sep 18 22:17:43 UTC 2012
tags 686867 patch
thanks
On Thu, Sep 06, 2012 at 10:03:58PM +0200, Moritz Muehlenhoff wrote:
> Package: jruby
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Hi,
> jruby in Wheezy is still affected by http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4838
> http://www.nruns.com/_downloads/advisory28122011.pdf >
> Since Wheezy already has 1.6.5, updating to 1.6.5.1 seems like a good idea?
Wheezy has 1.5.6, not 1.6.5.
Anyway, I've extracted the patch, it's attached.
Cheers,
Moritz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVE-2011-4838.patch
Type: text/x-diff
Size: 5368 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20120919/6b08cc26/attachment-0001.patch>
More information about the pkg-java-maintainers
mailing list