[Git][security-tracker-team/security-tracker][master] Reclaim ruby-* packages

Utkarsh Gupta utkarsh at debian.org
Mon Sep 14 08:31:57 BST 2020 


Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f6ac1806 by Utkarsh Gupta at 2020-09-14T13:01:39+05:30
Reclaim ruby-* packages

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -163,21 +163,21 @@ ruby-doorkeeper
   NOTE: 20200831: in case it's really DLA worthy, I'd be very careful with this update. (utkarsh)
   NOTE: 20200831: more investigation needed. (utkarsh)
 --
-ruby-json-jwt
-  NOTE: 20200831: TODO: testing against the reproducer. (utkarsh)
+ruby-json-jwt (Utkarsh)
+  NOTE: 20200914: testing against the new reproducer. (utkarsh)
 --
-ruby-kaminari
+ruby-kaminari (Utkarsh)
   NOTE: 20200819: The source in Debian (at least in LTS) appears to have a different lineage to
   NOTE: 20200819: the one upstream or in its many forks. For example, both dthe
   NOTE: 20200819: kaminari/kaminari and amatsuda/kaminari repositories does no have the
   NOTE: 20200819: @params.except(:script_name) line in any part of their history (although the
   NOTE: 20200819: file has been refactored a few times). (lamby)
-  NOTE: 20200831: A new module should be written in config/initializers/kaminari.rb. (utkarsh)
-  NOTE: 20200831: It should prepend_features from Kaminari::Helpers::Tag. (utkarsh)
+  NOTE: 20200914: A new module should be written in config/initializers/kaminari.rb. (utkarsh)
+  NOTE: 20200914: It should prepend_features from Kaminari::Helpers::Tag. (utkarsh)
 --
-ruby-rack-cors
+ruby-rack-cors (Utkarsh)
  NOTE: 20200817: Was fixed in DLA-2096-1 for jessie LTS but is now re-vulnerable again in stretch LTS AFAICT. (lamby)
- NOTE: 20200831: got a reproducer very recently. (utkarsh)
+ NOTE: 20200914: problems in reproducing. will investigate in sometime. (utkarsh)
 --
 samba (Mike Gabriel)
   NOTE: 20200703: Check with security team so that there's no clash for Stretch update. (utkarsh)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6ac1806bc13013969f8a030db6c177d78b65556

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6ac1806bc13013969f8a030db6c177d78b65556
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200914/558abfa9/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list