Status of CVE-2017-0903 fixes

Asked by Scott Emmons on 2018-01-11

Hello, what is the status of fixes related to CVE-2017-0903 [1]? There are still a number of "needs-triage" statuses, yet Debian appears to have largely pushed fixes already for many version/package combinations [2] - "ruby2.3" for example. (I have no idea how the Ubuntu packages differ from upstream Debian packages for this or packages such as "jruby"). This CVE is several months old already and is a potential remote code execution vulnerability.

Thank you!

[1] https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0903.html
[2] https://security-tracker.debian.org/tracker/CVE-2017-0903

Question information

Language: English
Status: Expired
For: Ubuntu ruby2.3
Assignee: No assignee
Last query: 2018-01-11
Last reply: 2018-01-27

Launchpad Janitor (janitor) said : #1

This question was expired because it remained in the 'Open' state without activity for the last 15 days.