[DRE-maint] CVE-2019-5477: ruby-nokogiri issue caused by rexical
Salvatore Bonaccorso
carnil at debian.org
Fri Aug 30 14:22:23 BST 2019
Hi Mike,
On Fri, Aug 30, 2019 at 11:25:16AM +0000, Mike Gabriel wrote:
> However, to address CVE-2019-5477 it should also be associated to the
> rexical src:pkg in stretch and later. @security-team: can you please update
> data/CVE/list appropriately (instead of me updating it and you correcting my
> change)? Thanks!
The CVE is very specifically assigned for Nokogiri itself (Nokogiri does
not regenerate the code with rexical AFAICS, but will double check
again). Thus not updating it for now, but I have a pending request to
MITRE to clarify the scope of the CVE.
Regards,
Salvatore