Thanks all for the discussion.
@Tobias, thanks for marking the CVE in the list.
Best regards
Anton
On Wed, 5 July 2023 at 17:56, Tobias Frost wrote:
> On Wed, Jul 05, 2023 at 09:06:15AM +, Bastien Roucariès wrote:
> > On Wednesday, 5 July 2023, 04:52:48 UTC, Anton Gladky wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 05 Jul 2023 16:02:33 -0400
Source: golang-yaml.v2
Architecture: source
Version: 2.2.2-1+deb10u1
Distribution: buster-security
Urgency: medium
Maintainer: Debian Go Packaging Team
Changed-By: Roberto C. Sánchez
Changes:
-
Debian LTS Advisory DLA-3479-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Roberto C. Sánchez
July 05, 2023 https://wiki.debian.org/LTS
On Wed, Jul 05, 2023 at 09:06:15AM +, Bastien Roucariès wrote:
> On Wednesday, 5 July 2023, 04:52:48 UTC, Anton Gladky wrote:
> > Hello,
> >
> > I am looking into CVE-2023-33460 and I am not sure that ruby-yajl
> > is affected. There is no direct dependency on yajl, where the vulnerability
On 5 July 2023 04:52:48 UTC, Anton Gladky wrote:
>Hello,
>
>I am looking into CVE-2023-33460 and I am not sure that ruby-yajl
>is affected. There is no direct dependency on yajl, where the vulnerability
>was detected.
>
>Should ruby-yajl be unmarked as affected by this CVE?
>
>Thank you
>
On Wednesday, 5 July 2023, 04:52:48 UTC, Anton Gladky wrote:
> Hello,
>
> I am looking into CVE-2023-33460 and I am not sure that ruby-yajl
> is affected. There is no direct dependency on yajl, where the vulnerability
> was detected.
ruby-yajl includes an old version of yajl 1.01.12
The vuln