[Git][security-tracker-team/security-tracker][master] Add notes for ruby-* packages

Utkarsh Gupta utkarsh at debian.org
Mon Aug 31 00:47:24 BST 2020 


Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a125793a by Utkarsh Gupta at 2020-08-31T05:17:04+05:30
Add notes for ruby-* packages

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -148,8 +148,12 @@ ruby-actionpack-page-caching
   NOTE: 20200819: URI.parser.unescap-ing it. Requires more investigation. (lamby)
 --
 ruby-doorkeeper
+  NOTE: 20200831: it's a breaking change, I'd rather not want to issue a DLA for this. (utkarsh)
+  NOTE: 20200831: in case it's really DLA worthy, I'd be very careful with this update. (utkarsh)
+  NOTE: 20200831: more investigation needed. (utkarsh)
 --
 ruby-json-jwt (Utkarsh Gupta)
+  NOTE: 20200831: TODO: testing against the reproducer. (utkarsh)
 --
 ruby-kaminari (Utkarsh Gupta)
   NOTE: 20200819: The source in Debian (at least in LTS) appears to have a different lineage to
@@ -157,11 +161,12 @@ ruby-kaminari (Utkarsh Gupta)
   NOTE: 20200819: kaminari/kaminari and amatsuda/kaminari repositories does no have the
   NOTE: 20200819: @params.except(:script_name) line in any part of their history (although the
   NOTE: 20200819: file has been refactored a few times). (lamby)
-  NOTE: 20200819: A new module should be written in config/initializers/kaminari.rb. (utkarsh)
-  NOTE: 20200819: It should prepend_features from Kaminari::Helpers::Tag. (utkarsh)
+  NOTE: 20200831: A new module should be written in config/initializers/kaminari.rb. (utkarsh)
+  NOTE: 20200831: It should prepend_features from Kaminari::Helpers::Tag. (utkarsh)
 --
 ruby-rack-cors (Utkarsh Gupta)
  NOTE: 20200817: Was fixed in DLA-2096-1 for jessie LTS but is now re-vulnerable again in stretch LTS AFAICT. (lamby)
+ NOTE: 20200831: got a reproducer very recently. (utkarsh)
 --
 samba (Ola Lundqvist)
   NOTE: 20200703: Check with security team so that there's no clash for Stretch update. (utkarsh)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a125793a7d3733bc54af2ff174ad88d49272349d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a125793a7d3733bc54af2ff174ad88d49272349d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200830/c61067d4/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list