Your message dated Fri, 4 Jul 2025 09:51:14 +0200 with message-id <aGeH8nP1X3yPFu7B@pisco.westfalen.local> and subject line CVE-2025-6490 and CVE-2025-6494 do not affect Debian has caused the Debian Bug report #1108238, regarding ruby-nokogiri: CVE-2025-6490 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1108238: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108238 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: ruby-nokogiri Version: 1.18.2+dfsg-1 Severity: important Tags: security upstream Forwarded: https://github.com/sparklemotion/nokogiri/issues/3500 X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Hi, The following vulnerability was published for ruby-nokogiri. CVE-2025-6490[0]: | A vulnerability was found in sparklemotion nokogiri up to 1.18.7 and | classified as problematic. This issue affects the function | hashmap_set_with_hash of the file gumbo-parser/src/hashmap.c. The | manipulation leads to heap-based buffer overflow. An attack has to | be approached locally. The exploit has been disclosed to the public | and may be used. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-6490 https://www.cve.org/CVERecord?id=CVE-2025-6490 [1] https://github.com/sparklemotion/nokogiri/issues/3500 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---The vulnerable code was introduced later and is not in the version in Debian, closing. Cheers, Moritz
--- End Message ---
_______________________________________________ Pkg-ruby-extras-maintainers mailing list Pkg-ruby-extras-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
