Re: CVE-2019-5477: ruby-nokogiri issue caused by rexical

Hi Mike,

On Fri, Aug 30, 2019 at 11:25:16AM +0000, Mike Gabriel wrote:
> However, to address CVE-2019-5477 it should also be associated to the
> rexical src:pkg in stretch and later. @security-team: can you please update
> data/CVE/list appropriately (instead of me updating it and you correcting my
> change)? Thanks!

The CVE is very specifically assigned to Nokogiri itself (Nokogiri does
not regenerate the code with rexical AFAICS, but will double check
again). Thus not updating it for now, but I have a pending request to
MITRE to clarify the scope of the CVE.
