[DRE-maint] Bug#964274: ruby-websocket-extensions: CVE-2020-7663
Salvatore Bonaccorso
carnil at debian.org
Wed May 5 21:37:20 BST 2021
Hi Andreas,
On Wed, May 05, 2021 at 09:57:09PM +0200, Andreas Beckmann wrote:
> Followup-For: Bug #964274
>
> Hi,
>
> CVE-2020-7663 is fixed in stretch-security but not buster, making
> upgrades difficult since stetch-security has a newer version than buster.
> Please upload the fix to buster, too.
>
> ruby-websocket-extensions | 0.1.2-1 | stretch | source, all
> ruby-websocket-extensions | 0.1.2-1 | buster | source, all
> ruby-websocket-extensions | 0.1.2-1+deb9u1 | stretch-security | source, all
> ruby-websocket-extensions | 0.1.5-1 | bullseye | source, all
> ruby-websocket-extensions | 0.1.5-1 | sid | source, all
Thanks for raising the issue. In fact this issue won't warrant a DSA
for buster, so a fix goes ideally in via one of the upcoming point
releases.
Regards,
Salvatore
More information about the Pkg-ruby-extras-maintainers
mailing list