Hi,

On Friday, 30 August 2019, Salvatore Bonaccorso wrote:
> Hi Mike,
>
> On Fri, Aug 30, 2019 at 03:22:23PM +0200, Salvatore Bonaccorso wrote:
> > Hi Mike,
> >
> > On Fri, Aug 30, 2019 at 11:25:16AM +0000, Mike Gabriel wrote:
> > > However, to address CVE-2019-5477 it should also be associated to the
> > > rexical src:pkg in stretch and later. @security-team: can you please
> > > update data/CVE/list appropriately (instead of me updating it and you
> > > correcting my change)? Thanks!
> >
> > The CVE is very specifically assigned for Nokogiri itself (Nokogiri does
> > not regenerate the code with rexical AFAICS, but will double check
> > again). Thus not updating it for now, but I have a pending request to
> > MITRE to clarify the scope of the CVE.
>
> MITRE confirmed the scope can be covered by the change in rexical as
> well considering it a vulnerability in that source as well.
>
> Thus following that, I added it now.
>
> Regards,
> Salvatore
>
Thanks for handling this and updating the tracker.

Mike
--
Sent from my Fairphone2 (powered by Sailfish OS).