* Petter Reinholdtsen <p...@hungry.com> [160102 10:30]:
> [Christian Hofstaedtler]
> > In 2.1 branch, the fix is in this commit:
> > 
> > https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a
> 
> According to <URL: https://security-tracker.debian.org/tracker/CVE-2009-5147 >,
> this issue is fixed in squeeze but not wheezy and jessie.  Is anyone working
> on an update to stable?

Sorry, even though this should be easy to do, so far nobody has found
the time to do it.

> I noticed this bug as it is the oldest CVE reported by debsecan on my stable
> installations, and wondered why a CVE from 2009 was still not fixed in
> Jessie.  Note, I see from the Redhat bug report that the problem was recently
> reintroduced, so it has not been around for 6 years.

Yup, for 2.x, this bug was indeed re-introduced at a later date.

Best,
-- 
 ,''`.  Christian Hofstaedtler <z...@debian.org>
: :' :  Debian Developer
`. `'   7D1A CFFA D9E0 806C 9C4C  D392 5C13 D6DB 9305 2E03
  `-
