[DRE-maint] Multiple vulnerabilities in RubyGems
Hugo Arpin
arpin.hugo at gmail.com
Fri Mar 15 13:40:03 GMT 2019
https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
We are affected by this in BUSTER via ruby v2.5.3 using rubygems v2.7.6.
This is a security vulnerability, it should be fixed ASAP.
Ruby 2.5.5 was released to solve the problem.
Also the master ruby package still has version 2.5.1, but it depends on the
package ruby2.5, which has version 2.5.3.
I do not know if this normal for debian, but if not, it should be updated
to the version of the package ruby2.5.
Sorry if this is incorrectly or already reported, I'm new to debian.
Thank you,
Hugo Arpin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-ruby-extras-maintainers/attachments/20190315/8053409a/attachment.html>
More information about the Pkg-ruby-extras-maintainers
mailing list