[DRE-maint] Bug#986806: CVE-2021-28965

Utkarsh Gupta utkarsh at debian.org
Sat Apr 17 17:46:29 BST 2021

Hi Praveen,

On Fri, Apr 16, 2021 at 3:24 PM Pirate Praveen <praveen at onenetbeyond.org> wrote:
> I think the separate package was introduced by mistake without seeing
> the copy embedded in ruby. I think the right way is to fix this in ruby
> and remove this separate package. But I'd like someone from ruby team
> to confirm this.

Makes sense. Probably the time to RM ruby-rexml from the archive is *now*?

As for fixing this in src:ruby2.7, see #986742. TL;DR: ruby2.7 2.7.3-1
was uploaded to fix this earlier today.

- u

More information about the Pkg-ruby-extras-maintainers mailing list