Status of CVE-2017-0903 fixes

Asked by Scott Emmons on 2018-01-11

Hello, what is the status of fixes related to CVE-2017-0903 [1]? There are still a number of "needs-triage" statuses, yet debian appears to have largely pushed fixes already for many version/package combinations [2] - "ruby2.3" for example. (I have no idea how the ubuntu packages differ from upstream debian packages for this or packages such as "jruby"). This CVE is several months old already and is a potential remote code execution vulnerability.

Thank you!

[1] https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0903.html
[2] https://security-tracker.debian.org/tracker/CVE-2017-0903

Question information

Language:
English Edit question
Status:
Open
For:
Ubuntu ruby2.3 Edit question
Assignee:
No assignee Edit question
Last query:
2018-01-11
Last reply:

Can you help with this problem?

Provide an answer of your own, or ask Scott Emmons for more information if necessary.

To post a message you must log in.