Bug#851161: CVE-2016-2337 CVE-2016-2339

2017-01-20 Thread Salvatore Bonaccorso
On Fri, Jan 20, 2017 at 11:25:22AM +0100, Moritz Muehlenhoff wrote: > On Fri, Jan 20, 2017 at 11:14:57AM +0100, Salvatore Bonaccorso wrote: > > @Moritz, strong opinion on that? If not I would say to mark all of > > the ruby2.1 CVEs open (CVE-2016-7798, CVE-2016-2337 and CVE-2016-2339) > > as

Bug#851161: CVE-2016-2337 CVE-2016-2339

2017-01-20 Thread Moritz Muehlenhoff
On Fri, Jan 20, 2017 at 11:14:57AM +0100, Salvatore Bonaccorso wrote: > @Moritz, strong opinion on that? If not I would say to mark all of > the ruby2.1 CVEs open (CVE-2016-7798, CVE-2016-2337 and CVE-2016-2339) > as no-dsa and include them (if you can) in the next point release or > for any

Bug#851161: CVE-2016-2337 CVE-2016-2339

2017-01-20 Thread Salvatore Bonaccorso
Hi! On Fri, Jan 20, 2017 at 10:55:32AM +0100, Christian Hofstaedtler wrote: > * Salvatore Bonaccorso [170120 09:48]: > > > For the TclTk issue, looks like this upstream patch: > > > https://github.com/ruby/ruby/commit/a2b8925a94a672235ca6a16e584bf09026a957ab > > > If this is

Bug#851161: CVE-2016-2337 CVE-2016-2339

2017-01-20 Thread Christian Hofstaedtler
* Salvatore Bonaccorso [170120 09:48]: > > For the TclTk issue, looks like this upstream patch: > > https://github.com/ruby/ruby/commit/a2b8925a94a672235ca6a16e584bf09026a957ab > > If this is the correct patch, 2.3.0 has this fixed, but 2.1.x needs > > a patch. > > Thanks

Bug#851161: CVE-2016-2337 CVE-2016-2339

2017-01-19 Thread Salvatore Bonaccorso
On Fri, Jan 20, 2017 at 01:13:41AM +0100, Christian Hofstaedtler wrote: > Control: reassign -1 ruby2.1 > Control: found -1 2.1.5-2+deb8u3 > > Hi, > > * Moritz Muehlenhoff [170120 00:05]: > > this has been assigned CVE-2016-2339: > >