Your message dated Fri, 4 Jul 2025 09:51:14 +0200 with message-id <[email protected]> and subject line CVE-2025-6490 and CVE-2025-6494 do not affect Debian has caused the Debian Bug report #1108237, regarding ruby-nokogiri: CVE-2025-6494 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 1108237: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108237 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Source: ruby-nokogiri Version: 1.18.2+dfsg-1 Severity: important Tags: security upstream Forwarded: https://github.com/sparklemotion/nokogiri/issues/3508 X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]> Hi, The following vulnerability was published for ruby-nokogiri. CVE-2025-6494[0]: | A vulnerability was found in sparklemotion nokogiri up to 1.18.7. It | has been classified as problematic. This affects the function | hashmap_get_with_hash of the file gumbo-parser/src/hashmap.c. The | manipulation leads to heap-based buffer overflow. An attack has to | be approached locally. The exploit has been disclosed to the public | and may be used. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-6494 https://www.cve.org/CVERecord?id=CVE-2025-6494 [1] https://github.com/sparklemotion/nokogiri/issues/3508 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---The vulnerable code was introduced later and is not in the version in Debian, closing. Cheers, Moritz
--- End Message ---
_______________________________________________ Pkg-ruby-extras-maintainers mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
