[DRE-maint] Bug#913093: ruby-i18n: CVE-2014-10077

Chris Lamb lamby at debian.org
Fri Nov 16 16:49:21 GMT 2018

Hi Salvatore et al.,

> Source: ruby-i18n
> CVE-2014-10077[0]:
> | Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0
> | for Ruby allows remote attackers to cause a denial of service
> | (application crash) via a call in a situation where :some_key is
> | present in keep_keys but not present in the hash.

Security team, I would be more than happy to prepare and upload a
stable security upload of this package when addressing it in jessie
LTS. Please let me know and I will come back with a debdiff.

Ruby team, I could easily upload to sid at the same time. Let me
know too. (I believe I have the requisite powers in Salsa already.)

Best wishes,

     : :'  :     Chris Lamb
     `. `'`      lamby at debian.org / chris-lamb.co.uk

More information about the Pkg-ruby-extras-maintainers mailing list