CVE-2020-26247

Name: CVE-2020-26247
Description: Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers wit ...
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DLA-2678-1, ELA-438-1
Debian Bugs: 978967

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| ruby-nokogiri (PTS) | jessie, jessie (lts) | 1.6.3.1+ds-1+deb8u2 | fixed |
| | stretch | 1.6.8.1-1 | vulnerable |
| | stretch (security) | 1.6.8.1-1+deb9u1 | fixed |
| | buster | 1.10.0+dfsg1-2 | vulnerable |
| | sid, bullseye | 1.11.1+dfsg-2 | fixed |

The information below is based on the following data on fixed versions.

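| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| ruby-nokogiri | source | jessie | 1.6.3.1+ds-1+deb8u2 | | ELA-438-1 | |
| ruby-nokogiri | source | stretch | 1.6.8.1-1+deb9u1 | | DLA-2678-1 | |
| ruby-nokogiri | source | (unstable) | 1.11.1+dfsg-1 | low | | 978967 |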

Notes

[buster] - ruby-nokogiri <no-dsa> (Minor issue)
https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m
https://github.com/sparklemotion/nokogiri/commit/9c87439d9afa14a365ff13e73adc809cb2c3d97b (v1.11.0.rc4)
