Re: Nokogiri security update v1.10.3

[Mike Dalessio <mike.dalessio () gmail com>]

Florian, thanks for the clarification.

NVD indicates that this is a CVSS v3.0 severity "9.8: Critical".

Here are permalinks:

   - NVD entry:
   https://nvd.nist.gov/vuln/detail/CVE-2019-11068#vulnCurrentDescriptionTitle
   - expanded CVSS 3.0 score:
   https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2019-11068&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

-m





On Tue, Apr 23, 2019 at 5:00 AM Florian Weimer <fweimer () redhat com> wrote:

> * Mike Dalessio:
>
> > This is a security release. It addresses a CVE in upstream libxslt rated
> as
> > "Priority: medium" by Canonical, and "NVD Severity: high" by Debian. More
> > details are available below.
>
> Note that the Debian security tracker only relays what NVD provides in
> this field.  It is not updated if a separate review yields different
> results.
>
> Thanks,
> Florian