[Git][security-tracker-team/security-tracker][master] dla: drop ruby-sinatra, following bookworm triage

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Thu Jan 30 17:06:13 GMT 2025 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f054da1a by Sylvain Beucler at 2025-01-30T18:06:06+01:00
dla: drop ruby-sinatra, following bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -26413,6 +26413,7 @@ CVE-2024-21510 (Versions of the package sinatra from 0.0.0 are vulnerable to Rel
 	[experimental] - ruby-sinatra 4.1.1-1
 	- ruby-sinatra 4.1.1-2 (bug #1087290)
 	[bookworm] - ruby-sinatra <ignored> (Minor issue, too intrusive to backport)
+	[bullseye] - ruby-sinatra <ignored> (Minor issue, too intrusive to backport)
 	NOTE: https://security.snyk.io/vuln/SNYK-RUBY-SINATRA-6483832
 	NOTE: https://github.com/sinatra/sinatra/pull/2053
 	NOTE: Rejected upstream fix: https://github.com/sinatra/sinatra/pull/2010


=====================================
data/dla-needed.txt
=====================================
@@ -217,11 +217,6 @@ rails
 rsync (Thorsten Alteholz)
   NOTE: 20250121: Added by Front-Desk re. potential regression outlined in #1093696. (lamby)
 --
-ruby-sinatra
-  NOTE: 20241110: Added by Front-Desk (apo)
-  NOTE: 20241122: Was awaiting approved upstream fix; still working on package. (lamby)
-  NOTE: 20241204: Returning to pool; have prepared patch for CVE-2024-21510 but tests fail in a way that requires someone better at Ruby than myself. (lamby)
---
 shadow
   NOTE: 20250105: Added by Front-Desk (apo)
   NOTE: 20250105: shadow is a high-profile package. Upstream discussion for CVE-2024-56433 is



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f054da1a121840e26f1d69e0410b00e23fbf139f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f054da1a121840e26f1d69e0410b00e23fbf139f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250130/39329155/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list