[DRE-maint] Query regarding ruby-mail's recent DoS report

Yadnyawalk Tale ytale at redhat.com
Mon May 18 11:13:56 BST 2020


Hello there,

I work for Red Hat Product Security team, and was wondering if you have an
update on the public report of ruby-mail DoS. Does anyone know if fixes are
merged and ruby-mail requested a CVE?
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960064

We feel this should have a CVE given due to its potential impact if this
turns
out to be a valid flaw. Red Hat is also a CVE Numbering Authority (CNA) but
as
a precedent, ruby-mail should request a CVE to CNA.

Please let us know.

-- 
Yadnyawalk Tale / Red Hat Product Security
1376 736C 0705 3DD9 098C 561C 83F3 543F D303 F537
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-ruby-extras-maintainers/attachments/20200518/64c26396/attachment.html>


More information about the Pkg-ruby-extras-maintainers mailing list