On Fri, Jan 20, 2017 at 11:25:22AM +0100, Moritz Muehlenhoff wrote:
> On Fri, Jan 20, 2017 at 11:14:57AM +0100, Salvatore Bonaccorso wrote:
> > @Moritz, strong opinion on that? If noth I would say to mark all of
> > the ruby2.1 CVEs open (CVE-2016-7798, CVE-2016-2337 and CVE-2016-2339)
> > as
On Fri, Jan 20, 2017 at 11:14:57AM +0100, Salvatore Bonaccorso wrote:
> @Moritz, strong opinion on that? If noth I would say to mark all of
> the ruby2.1 CVEs open (CVE-2016-7798, CVE-2016-2337 and CVE-2016-2339)
> as no-dsa and include them (if you can) in the next point release or
> for any
Hi!
On Fri, Jan 20, 2017 at 10:55:32AM +0100, Christian Hofstaedtler wrote:
> * Salvatore Bonaccorso [170120 09:48]:
> > > For the TclTk issue, looks like this upstream patch:
> > > https://github.com/ruby/ruby/commit/a2b8925a94a672235ca6a16e584bf09026a957ab
> > > If this is
* Salvatore Bonaccorso [170120 09:48]:
> > For the TclTk issue, looks like this upstream patch:
> > https://github.com/ruby/ruby/commit/a2b8925a94a672235ca6a16e584bf09026a957ab
> > If this is the correct patch, 2.3.0 has this fixed, but 2.1.x needs
> > a patch.
>
> Thanks
On Fri, Jan 20, 2017 at 01:13:41AM +0100, Christian Hofstaedtler wrote:
> Control: reassign -1 ruby2.1
> Control: found -1 2.1.5-2+deb8u3
>
> Hi,
>
> * Moritz Muehlenhoff [170120 00:05]:
> > this has been assigned CVE-2016-2339:
> >
5 matches
Mail list logo