Re: CVE-2019-5477: ruby-nokogiri issue caused by rexical
On Fri, Aug 30, 2019 at 11:25:16AM +0000, Mike Gabriel wrote:
> However, to address CVE-2019-5477 it should also be associated to the
> rexical src:pkg in stretch and later. @security-team: can you please update
> data/CVE/list appropriately (instead of me updating it and you correcting my
> change)? Thanks!
The CVE is very specifically assigned for Nokogiri itself (Nokogiri does
not regenerate the code with rexical AFAICS, but will double check
again). Thus not updating it for now, but I have a pending request to
MITRE to clarify the scope of the CVE.