[DRE-maint] Bug#963477: ruby-rack: CVE-2020-8184

Salvatore Bonaccorso carnil at debian.org
Sat Jan 2 12:25:07 GMT 2021


Hi Utkarsh

On Sat, Jan 02, 2021 at 05:45:04PM +0530, Utkarsh Gupta wrote:
> Hello,
> 
> On Sat, Jan 2, 2021 at 2:02 AM Salvatore Bonaccorso <carnil at debian.org> wrote:
> > While strictly speaking this issue is no-dsa for buster, I'm raising
> > the severity to RC, would it be possible to address this issue for
> > unstable (and so bullseye) before the freeze?
> 
> Of course. Uploaded a fix! :)
> (thanks for the explicit CC, please do it next time as well if you
> want me to take care of something which falls under the Ruby team).

Thanks! About the explicit CC, well actually I was a bit "wary",
because if it's team maintained one should not start explicitly pinging
some of the uploaders. But I'm glad if this was possible. Indeed there
would be more ruby team maintained packages which are currently no-dsa
marked but maybe would be good to fix for and in bullseye. There are
issues for instance in ruby-faye and ruby-faye-websocket as well:
967061, 959392, 967063.

Possibly though we are not too late for those for bullseye.

Regards and thank you!
Salvatore



More information about the Pkg-ruby-extras-maintainers mailing list