Control: reassign -1 ruby2.1 Control: found -1 2.1.5-2+deb8u3 Hi,
* Moritz Muehlenhoff <j...@debian.org> [170120 00:05]: > this has been assigned CVE-2016-2339: > http://www.talosintelligence.com/reports/TALOS-2016-0034/ > > Patch is here: > https://github.com/ruby/ruby/commit/bcc2421b4938fc1d9f5f3fb6ef2320571b27af42 If I'm reading all those right, this is actually fixed since 2.3.0; this issue is likely open in 2.1.x. Reassigning. For the TclTk issue, looks like this upstream patch: https://github.com/ruby/ruby/commit/a2b8925a94a672235ca6a16e584bf09026a957ab If this is the correct patch, 2.3.0 has this fixed, but 2.1.x needs a patch. Would be good if somebody could crosscheck this. Thanks, -- christian hofstaedtler <z...@debian.org>