[Git][security-tracker-team/security-tracker][master] 2 commits: dla: claim ruby-doorkeeper

Sylvain Beucler (@beuc) beuc at debian.org
Thu Jun 10 17:33:26 BST 2021



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
303b251d by Sylvain Beucler at 2021-06-10T18:32:30+02:00
dla: claim ruby-doorkeeper

- - - - -
19ac6194 by Sylvain Beucler at 2021-06-10T18:33:03+02:00
dla: ruby-doorkeeper: drop notes on CVE-2020-10187 which was later marked not-affected

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -76,13 +76,7 @@ ruby-actionpack-page-caching (Markus Koschany)
   NOTE: 20200819: uses the path without normalising any "../" etc., simply
   NOTE: 20200819: URI.parser.unescap-ing it. Requires more investigation. (lamby)
 --
-ruby-doorkeeper
-  NOTE: 20200831: it's a breaking change, I'd rather not want to issue a DLA for this. (utkarsh)
-  NOTE: 20200831: in case it's really DLA worthy, I'd be very careful with this update. (utkarsh)
-  NOTE: 20200831: more investigation needed. (utkarsh)
-  NOTE: 20201009: on another note, it needs more investigation if this version is affected in
-  NOTE: 20201009: the first place or not. (utkarsh)
-  NOTE: 20201215: includes plaintext secret is not part of source code for stretch but there may be other ways to trigger this (ola)
+ruby-doorkeeper (Sylvain Beucler)
 --
 ruby-kaminari (Markus Koschany)
   NOTE: 20200819: The source in Debian (at least in LTS) appears to have a different lineage to



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/91e897273415b5e79768b87cfec35dff21476489...19ac6194959bb96546a533faeaf868bb8a674d6d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/91e897273415b5e79768b87cfec35dff21476489...19ac6194959bb96546a533faeaf868bb8a674d6d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210610/5875769f/attachment.htm>


More information about the debian-security-tracker-commits mailing list