[DRE-maint] Bug#834843: ruby-doorkeeper: CVE-2016-6582
Salvatore Bonaccorso
carnil at debian.org
Sat Aug 27 12:00:34 UTC 2016
Hi!
On Sat, Aug 27, 2016 at 02:58:13PM +0530, Pirate Praveen wrote:
> On Thu, 25 Aug 2016 21:44:23 +0200 Salvatore Bonaccorso
> <carnil at debian.org> wrote:
> > Control: fixed -1 4.2.0-1
> > Hi
> >
> > This seems to have been addressed in 4.2.0 upstream (which was
> > uploaded to experimental), but the debian/changelog does not mention
> > the bug closer nor the CVE id; any reason for that or just an
> > oversight?
>
> It was just an oversight, as my focus was to match dependency
> requirement of gitlab 8.10.5. Can I add this number in 4.2.0-2?
Sure, the CVE identifier can be added retrospectively to the 4.2.0-1
changelog in any subsequent upload (just to keep the history).
In any case I have already updated the security-tracker information.
Thanks a lot!
Regards,
Salvatore