Package: security-tracker Severity: normal Hello!
According to [DSA-4259-1], ruby2.3/2.3.3-1+deb9u3 fixes a number of vulnerabilities, among which CVE-2017-17405, CVE-2017-17742, CVE-2017-17790, and CVE-2018-6914. However, the tracker pages for [CVE-2017-17405], [CVE-2017-17742], [CVE-2017-17790], and [CVE-2018-6914] seem to disagree. Is the tracker wrong? Please update the tracker data, then. Is the DSA wrong? Please clarify (I searched in the tracker commit history on Salsa, but I failed to find any explicit explanation about this discrepancy...). Thanks for your time! [DSA-4259-1]: <https://lists.debian.org/debian-security-announce/2018/msg00188.html> [CVE-2017-17405]: <https://security-tracker.debian.org/tracker/CVE-2017-17405> [CVE-2017-17742]: <https://security-tracker.debian.org/tracker/CVE-2017-17742> [CVE-2017-17790]: <https://security-tracker.debian.org/tracker/CVE-2017-17790> [CVE-2018-6914]: <https://security-tracker.debian.org/tracker/CVE-2018-6914>