[DRE-maint] Bug#963477: ruby-rack: CVE-2020-8184

Utkarsh Gupta utkarsh at debian.org
Sat Jan 2 13:08:37 GMT 2021


Hi Salvatore,

On Sat, Jan 2, 2021 at 5:55 PM Salvatore Bonaccorso <carnil at debian.org> wrote:
> > Of course. Uploaded a fix! :)
> > (thanks for the explicit CC, please do it next time as well if you
> > want me to take care of something which falls under the Ruby team).
>
> Thanks! About the explicit CC, well actually I was a bit "wary",
> because if it's team maintained one should not start explicitly pinging
> some of the uploaders. But I'm glad if this was possible.

It's not a problem, I am happy to help the security team as much as I
possibly can (though you'd hopefully know that by now ;)).

> Indeed there would be more ruby team maintained packages which
> are currently no-dsa marked but maybe would be good to fix for
> and in bullseye. There are issues for instance in ruby-faye and
> ruby-faye-websocket as well: 967061, 959392, 967063.

Eeks, sorry for not noticing them earlier. But I've uploaded a fix for all
three of them^ :)

Let me know if there are more that need immediate fixing or so! \o/


- u


