Package: bundler
Version: 1.7.4-1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for bundler.

CVE-2016-7954[0]: code execution via gem name collision in bundler

Please correct me if I'm wrong. As far as I understand, this issue cannot be fixed within the 1.x series due to the lockfile format. This bug is to continue tracking the CVE in the Debian BTS. We have marked the issue as no-dsa already for jessie.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-7954

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore