[DRE-maint] Bug#986806: CVE-2021-28965

Pirate Praveen praveen at onenetbeyond.org
Fri Apr 16 10:52:24 BST 2021


On Mon, 12 Apr 2021 12:05:29 +0200 Moritz Muehlenhoff <jmm at debian.org> wrote:
 > https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/
 >
 > Why is there a separate package duplicating rexml from src:ruby2.7 in bullseye?

I think the separate package was introduced by mistake without seeing 
the copy embedded in ruby. I think the right way is to fix this in ruby 
and remove this separate package. But I'd like someone from the ruby team 
to confirm this.


