Bug#925986: CVE-2018-1000073
Moritz Muehlenhoff
jmm at debian.org
Fri Mar 29 18:37:24 GMT 2019
Package: jruby
Severity: grave
Tags: security
CVE-2018-1000073 is not fixed in the rubygems bundled in jruby,
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
https://github.com/rubygems/rubygems/commit/1b931fc03b819b9a0214be3eaca844ef534175e2
The other 2018 rubygems issues are fixed in the bundled copy.
For bullseye we should really fix jruby to use a common rubygems
binary package.
Cheers,
Moritz
More information about the pkg-java-maintainers
mailing list