
Bug#941613: RM: ruby-simple-form/3.2.0-1



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: rm

Hi Stable release managers,

[X-Debbugs-CC to Antonio Terceiro]

Please remove ruby-simple-form on the next stretch point release. It
was removed from unstable back in #923847, has no reverse dependencies,
and apart from the removal reasons there is now CVE-2019-16676 as well.

https://github.com/plataformatec/simple_form/security/advisories/GHSA-r74q-gxcg-73hx

Given it is unused, instead of going ahead and either trying to fix
that or marking it as no-dsa and deferring a fix via a point release, it
might make sense to just remove it at the next point release.

Regards,
Salvatore

