| Release | Version |
|---|---|
| jessie | 1.7.4-1 |
| stretch | 1.13.6-2 |
| buster | 1.17.3-3+deb10u1 |
| Bug | jessie | stretch | buster | Description |
|---|---|---|---|---|
| CVE-2020-36327 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes choos ... |
| CVE-2019-3881 | fixed | vulnerable (no DSA) | fixed | Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with ... |
| CVE-2016-7954 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | Bundler 1.x might allow remote attackers to inject arbitrary Ruby code ... |
| Bug | Description |
|---|---|
| CVE-2013-0334 | Bundler before 1.7, when multiple top-level source lines are used, all ... |