[DRE-maint] Bug#986806: CVE-2021-28965
Utkarsh Gupta
utkarsh at debian.org
Sat Apr 17 17:46:29 BST 2021
Hi Praveen,
On Fri, Apr 16, 2021 at 3:24 PM Pirate Praveen <praveen at onenetbeyond.org> wrote:
> I think the separate package was introduced by mistake without seeing
> the copy embedded in ruby. I think the right way is to fix this in ruby
> and remove this separate package. But I'd like someone from ruby team
> to confirm this.
Makes sense. Probably the time to RM ruby-rexml from the archive is *now*?
As for fixing this in src:ruby2.7, see #986742. TL;DR: ruby2.7 2.7.3-1
was uploaded to fix this earlier today.
- u
More information about the Pkg-ruby-extras-maintainers
mailing list