CVE-2018-1000074: rubygems, jruby & ruby1.9.11

To: Santiago Ruano Rincón <santiagorr@riseup.net>
Cc: debian-lts@lists.debian.org
Subject: CVE-2018-1000074: rubygems, jruby & ruby1.9.11
From: Chris Lamb <lamby@debian.org>
Date: Mon, 02 Apr 2018 08:55:01 +0100
Message-id: <[🔎] 1522655701.313193.1323384240.2F7D4C89@webmail.messagingengine.com>

Hi Santiago,

I just triaged rubygems & jruby for wheezy re. CVE-2018-1000074 and
noticed that ruby1.9.1 is also vulnerable. You still have this latter
package reserved in dla-needed.txt since March 18th.

Can you let me know whether you still wish to work on this package
or whether you would — in addition — like to take the same underlying
issue in rubygems and jruby as well?

If not, no problem, and I will handle all three cases ASAP. Just let
me know.


Best wishes,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

Reply to:

Follow-Ups:
- Re: CVE-2018-1000074: rubygems, jruby & ruby1.9.11
  - From: "Santiago R.R." <santiagorr@riseup.net>

Prev by Date: Re: Better communication about spectre/meltdown
Next by Date: Re: [SECURITY] [DLA 1283-1] python-crypto security update
Previous by thread: Re: Better communication about spectre/meltdown
Next by thread: Re: CVE-2018-1000074: rubygems, jruby & ruby1.9.11
Index(es):
- Date
- Thread