Hi Yadnyawalk, No update as of yet. I wasn't aware of the public report. Thanks for letting me know.
Re. CVE, agreed; will do. Thanks, Jeremy On Mon, May 18, 2020 at 3:14 AM Yadnyawalk Tale <[email protected]> wrote: > Hello there, > > I work for Red Hat Product Security team, and was wondering if you have an > update on the public report of ruby-mail DoS. Does anyone know if fixes are > merged and ruby-mail requested a CVE? > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960064 > > We feel this should have a CVE given due to its potential impact if this > turns > out to be a valid flaw. Red Hat is also a CVE Numbering Authority (CNA) > but as > a precedent, ruby-mail should request a CVE to CNA. > > Please let us know. > > -- > Yadnyawalk Tale / Red Hat Product Security > 1376 736C 0705 3DD9 098C 561C 83F3 543F D303 F537 >
_______________________________________________ Pkg-ruby-extras-maintainers mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
