[DRE-maint] Bug#986806: CVE-2021-28965

Antonio Terceiro terceiro at debian.org
Sat Apr 17 14:41:17 BST 2021


On Fri, Apr 16, 2021 at 03:22:24PM +0530, Pirate Praveen wrote:
> On Mon, 12 Apr 2021 12:05:29 +0200 Moritz Muehlenhoff <jmm at debian.org>
> wrote:
> > https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/
> >
> > Why is there a separate package duplicating rexml from src:ruby2.7 in
> > bullseye?
> 
> I think the separate package was introduced by mistake without seeing the
> copy embedded in ruby. I think the right way is to fix this in ruby and
> remove this separate package. But I'd like someone from ruby team to confirm
> this.

agreed.

