https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
We are affected by this in BUSTER via ruby v2.5.3 using rubygems v2.7.6. This is a security vulnerability, it should be fixed ASAP. Ruby 2.5.5 was released to solve the problem. Also the master ruby package still has version 2.5.1, but it depends on the package ruby2.5, which has version 2.5.3. I do not know if this normal for debian, but if not, it should be updated to the version of the package ruby2.5. Sorry if this is incorrectly or already reported, I'm new to debian. Thank you, Hugo Arpin
_______________________________________________ Pkg-ruby-extras-maintainers mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
