[DRE-maint] Bug#941613: RM: ruby-simple-form/3.2.0-1
Salvatore Bonaccorso
carnil at debian.org
Wed Oct 2 20:56:22 BST 2019
Package: release.debian.org
Severity: normal
User: release.debian.org at packages.debian.org
Usertags: rm
Hi Stable release managers,
[X-Debbugs-CC to Antonio Terceiro]
Please remove ruby-simple-form on the next stretch point release. It
was back in #923847 removed in unstable, has no reverse dependencies
and apart of the removal reasons there has now as well CVE-2019-16676.
https://github.com/plataformatec/simple_form/security/advisories/GHSA-r74q-gxcg-73hx
Given it is unused, instead of going ahead of either trying to fix
that or mark it as no-dsa and defer a fix via a point release it might
make sense to just remove it on next point release time.
Regards,
Salvatore
More information about the Pkg-ruby-extras-maintainers
mailing list