On Fr 30 Aug 2019 15:22:23 CEST, Salvatore Bonaccorso wrote:
Hi Mike, On Fri, Aug 30, 2019 at 11:25:16AM +0000, Mike Gabriel wrote:However, to address CVE-2019-5477 it should also be associated to the rexical src:pkg in stretch and later. @security-team: can you please update data/CVE/list appropriately (instead of me updating it and you correcting my change)? Thanks!The CVE is very specific assigned for Nokogiri itself (Nokogiri does not regnerate the code with rexical AFAICS, but will double check again). Thus not updating it for now, but I have a pending request to MITRE to clarify the scope of the CVE. Regards, Salvatore
Thanks for that! Mike -- DAS-NETZWERKTEAM c\o Technik- und Ökologiezentrum Eckernförde Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde mobile: +49 (1520) 1976 148 landline: +49 (4351) 850 8940 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
Attachment:
pgpPyRrSEBnKw.pgp
Description: Digitale PGP-Signatur