
Re: CVE-2019-5477: ruby-nokogiri issue caused by rexical

On Fri 30 Aug 2019 15:22:23 CEST, Salvatore Bonaccorso wrote:

Hi Mike,

On Fri, Aug 30, 2019 at 11:25:16AM +0000, Mike Gabriel wrote:
However, to address CVE-2019-5477 it should also be associated to the
rexical src:pkg in stretch and later. @security-team: can you please update
data/CVE/list appropriately (instead of me updating it and you correcting my
change)? Thanks!

The CVE is very specifically assigned for Nokogiri itself (Nokogiri does
not regenerate the code with rexical AFAICS, but will double check
again). Thus not updating it for now, but I have a pending request to
MITRE to clarify the scope of the CVE.


Thanks for that!


c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

Attachment: pgpPyRrSEBnKw.pgp
Description: Digital PGP signature
