[DRE-maint] Bug#913005: ruby-rack: CVE-2018-16471: Possible XSS vulnerability in Rack

Salvatore Bonaccorso carnil at debian.org
Mon Nov 19 22:03:40 GMT 2018

Hi Chris,

On Mon, Nov 19, 2018 at 03:17:27AM -0500, Chris Lamb wrote:
> Chris Lamb wrote:
> > Security team, like ruby-i18n, I would be more than happy to prepare
> > and upload a stable security upload of this package when addressing
> > it in jessie LTS.
> […]
> > Ruby team, again, I could easily upload to sid at the same time. Let
> > me know here too.
> Gentle ping on the above two queries? :)

I think those will be no-dsa and can be adressed via a point release,
but we first need to evaluate those further.


More information about the Pkg-ruby-extras-maintainers mailing list