[Git][security-tracker-team/security-tracker][master] ruby-carrierwave has no reverse dependencies. Very unlikely

Abhijith PA abhijith at debian.org
Tue Apr 13 12:46:41 BST 2021



Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c8fc9876 by Abhijith PA at 2021-04-13T17:16:02+05:30
ruby-carrierwave has no reverse dependencies. Very unlikely
someone uses this packaged gem.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -22461,6 +22461,7 @@ CVE-2021-21306 (Marked is an open-source markdown parser and compiler (npm packa
 	NOTE: https://github.com/markedjs/marked/commit/7293251c438e3ee968970f7609f1a27f9007bccd
 CVE-2021-21305 (CarrierWave is an open-source RubyGem which provides a simple and flex ...)
 	- ruby-carrierwave <unfixed> (bug #982551)
+	[stretch] - ruby-carrierwave <ignored> (No reverse dependencies)
 	NOTE: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-cf3w-g86h-35x4
 	NOTE: https://github.com/carrierwaveuploader/carrierwave/commit/387116f5c72efa42bc3938d946b4c8d2f22181b7
 CVE-2021-21304 (Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dy ...)
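
Review bot: the reason on the added line `[stretch] - ruby-carrierwave <ignored> (No reverse dependencies)` only covers other packages that depend on the gem. It does not cover applications that an administrator deploys on top of the packaged gem, which is the case the commit message itself rates as "very unlikely". Suggest putting that second half into the reason text, for example "(No reverse dependencies, direct use of the packaged gem unlikely)", so the triage decision can be re-checked later from data/CVE/list alone.
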
@@ -22515,6 +22516,7 @@ CVE-2021-21289 (Mechanize is an open-source ruby library that makes automated we
 	NOTE: Test warnings fixup: https://github.com/sparklemotion/mechanize/commit/5b30aed33cbac9825e8978f8e36dd221cbd4c093 (v2.7.7)
 CVE-2021-21288 (CarrierWave is an open-source RubyGem which provides a simple and flex ...)
 	- ruby-carrierwave <unfixed> (bug #982552)
+	[stretch] - ruby-carrierwave <ignored> (No reverse dependencies)
 	NOTE: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-fwcm-636p-68r5
 	NOTE: https://github.com/carrierwaveuploader/carrierwave/commit/012702eb3ba1663452aa025831caa304d1a665c0
 CVE-2021-21287 (MinIO is a High Performance Object Storage released under Apache Licen ...)
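
Review bot: `<ignored>` on the added `[stretch]` line marks CVE-2021-21288 as not going to be fixed in stretch at all, while the only stated reason is low usage and the NOTE lines right below it already point at an upstream fix commit. If the intent is just that no dedicated DLA is warranted, `<postponed>` or `<no-dsa>` with the same reason would keep the issue visible for a later ruby-carrierwave upload; if the intent really is a permanent won't-fix, say so in the reason.
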


=====================================
data/dla-needed.txt
=====================================
@@ -100,10 +100,6 @@ ruby-actionpack-page-caching
   NOTE: 20200819: uses the path without normalising any "../" etc., simply
   NOTE: 20200819: URI.parser.unescap-ing it. Requires more investigation. (lamby)
 --
-ruby-carrierwave (Abhijith PA)
-  NOTE: 20210320: Will be difficult to backport as code in LTS version appears
-  NOTE: 20210320: to use primitive Kernel.open to load URIs. (lamby)
---
 ruby-doorkeeper
   NOTE: 20200831: it's a breaking change, I'd rather not want to issue a DLA for this. (utkarsh)
   NOTE: 20200831: in case it's really DLA worthy, I'd be very careful with this update. (utkarsh)
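
Review bot: removing the ruby-carrierwave block also removes the only record of the 20210320 note (lamby) that a backport is difficult because the LTS version uses primitive Kernel.open to load URIs, and neither data/CVE/list hunk carries it over. Suggest copying that finding as a NOTE line under the affected ruby-carrierwave CVE entry in data/CVE/list, so the technical reason sits next to the `<ignored>` status instead of living only in the history of dla-needed.txt.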



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8fc9876604762456a4167719113066cfea902b2
