New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security Bug #45
Comments
|
Hi! I'm not sure what there is for us to do here... |
|
Awaiting #43 I guess? |
|
Ah. You already have a PR regarding this? As I am the co-maintainer of the debian package, I forwarded the bug to the upstream (here). Sorry for the redundancy. :) I just saw that @f3ndot was the guy who actually requested that CVE. ;) |
|
No problem, thanks for the update! We'll push out a new release once the PR is done. |
|
@balasankarc, I noticed that you marked the severity as 'grave,' which it probably shouldn't be. While a valid security issue, this is a very narrow vulnerability, as described by @f3ndot himself. :) |
|
Ah. It wasn't me who filed that bug (and marked it grave). The guy marked that is part of Debian Seciruty team I believe. Anyway, that is not big a deal right now as we are not looking for another Debian release anytime soon. Once that PR gets done, we can close that bug. Till then it is highly unlikely to affect anybody. I packaged the gem for the on going GitLab packaging and I am pretty sure no one is affected by it having a grave severity. :) |
|
@balasankarc fix is merged & released in 2.0.0 and the issue has been assigned CVE-2015-7225, OSVDB pending. |
|
Thanks. I've updated the Debian package. :) |
Hi,
Can you take a look at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798466 ?
The text was updated successfully, but these errors were encountered: