* Why we should update this gem? 1. To avoid future vulnerabilities (recent example: CVE-2013-0269) https://bugzilla.redhat.com/show_bug.cgi?id=909029 2. rubygem-json-1.4.6-2.el6 is not supported from upstream now https://github.com/flori/json/branches * Satellite server does not ship this gem, Satellite tools repo however has this as a package. All current active and upcoming streams of tools repo ship this: 6.5, 6.6, 6.7 and 6.8. https://errata.devel.redhat.com/package/show/rubygem-json
The rubygem-json package we ship is only in the RHEL 6 tools repository. Given that https://access.redhat.com/security/cve/CVE-2013-0269 has been deemed not to affect Satellite and there is no active CVE against the package, my recommendation is that we close wontfix this BZ. RHEL 6 has entered ELS phase ending in June 30, 2024.