oss-sec mailing list archives
Re: Nokogiri security update v1.10.3
From: Mike Dalessio <mike.dalessio () gmail com>
Date: Tue, 23 Apr 2019 10:05:50 -0400
Florian, thanks for the clarification. NVD indicates that this is a CVSS v3.0 severity "9.8: Critical". Here are permalinks: - NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2019-11068#vulnCurrentDescriptionTitle - expanded CVSS 3.0 score: https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2019-11068&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H -m On Tue, Apr 23, 2019 at 5:00 AM Florian Weimer <fweimer () redhat com> wrote:
* Mike Dalessio:This is a security release. It addresses a CVE in upstream libxslt ratedas"Priority: medium" by Canonical, and "NVD Severity: high" by Debian. More details are available below.Note that the Debian security tracker only relays what NVD provides in this field. It is not updated if a separate review yields different results. Thanks, Florian
Current thread:
- Nokogiri security update v1.10.3 Mike Dalessio (Apr 22)
- Re: Nokogiri security update v1.10.3 Florian Weimer (Apr 23)
- Re: Nokogiri security update v1.10.3 Mike Dalessio (Apr 23)
- Re: Nokogiri security update v1.10.3 Florian Weimer (Apr 23)