Re: Security issues in standards (ruby-openid / CVE-2019-11027)

[Raphael Hertzog <hertzog@debian.org>]

Hi,

(Sylvain, please cc me if you want me to read something in any timely fashion)

On Thu, 07 Nov 2019, Sylvain Beucler wrote:
> Raphael, given that this package is low popcon and the vulnerability is
> fuzzy, do you know if the sponsor for this package would be willing to
> test fixes?

The sponsor is a web hoster who is listing packages used by all their
customers. I doubt that they can easily test.

I'm bccing them in case they want to chip in and express their interest
in testing fixes.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/