Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Tue, 23 Apr 2019 10:05:50 -0400
From: Mike Dalessio <mike.dalessio@...il.com>
To: Florian Weimer <fweimer@...hat.com>
Cc: nokogiri-talk <nokogiri-talk@...glegroups.com>, ruby-talk <ruby-talk@...y-lang.org>, 
	ruby-security-ann@...glegroups.com, oss-security@...ts.openwall.com
Subject: Re: Nokogiri security update v1.10.3

Florian, thanks for the clarification.

NVD indicates that this is a CVSS v3.0 severity "9.8: Critical".

Here are permalinks:

   - NVD entry:
   https://nvd.nist.gov/vuln/detail/CVE-2019-11068#vulnCurrentDescriptionTitle
   - expanded CVSS 3.0 score:
   https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2019-11068&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

-m





On Tue, Apr 23, 2019 at 5:00 AM Florian Weimer <fweimer@...hat.com> wrote:

> * Mike Dalessio:
>
> > This is a security release. It addresses a CVE in upstream libxslt rated
> as
> > "Priority: medium" by Canonical, and "NVD Severity: high" by Debian. More
> > details are available below.
>
> Note that the Debian security tracker only relays what NVD provides in
> this field.  It is not updated if a separate review yields different
> results.
>
> Thanks,
> Florian
>

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.