[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Triage ruby-kramdown for stretch LTS (CVE-2021-28834).

Mon Apr 12 16:43:41 BST 2021


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c618119a by Chris Lamb at 2021-04-12T16:43:34+01:00
data/dla-needed.txt: Triage ruby-kramdown for stretch LTS (CVE-2021-28834).

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -123,6 +123,9 @@ ruby-kaminari
   NOTE: 20201009: This (↑) is an app-level patch for a rails app. A library-level patch
   NOTE: 20201009: will needed to be written. Opened an issue at upstream, though somewhat inactive. (utkarsh)
 --
+ruby-kramdown
+  NOTE: 20210412: Probably needs two commits (see the one linked in the comment of d6a1cbcb2c. (lamby)
+--
 ruby-nokogiri
   NOTE: 20210403: CVE-2020-26247: Java-level API not included in stretch but CVE also affects C/Ruby-level APIs;
   NOTE: 20210403: check if default change (trust -> don't trust external schemas) possibly breaks compatibility (Beuc)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c618119a9895d1f285aa49cd1c1df97d773a488b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c618119a9895d1f285aa49cd1c1df97d773a488b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210412/8fafed68/attachment.htm>
