Issues regarding ruby-rack/CVE-2019-16782

To: Debian Security Team <team@security.debian.org>
Cc: Debian LTS <debian-lts@lists.debian.org>
Subject: Issues regarding ruby-rack/CVE-2019-16782
From: Utkarsh Gupta <guptautkarsh2102@gmail.com>
Date: Thu, 19 Dec 2019 23:19:08 +0530
Message-id: <[🔎] 5cfc2ed4-5b07-1b2c-5997-4b104e281491@gmail.com>

Hiya,

Please don't yet patch CVE-2019-16782 for Buster, Stretch, Jessie, et al.
This security update induces a regression, resulting in some issues in
using the library.
Also, there's a slight possibility of this patch inducing a backdoor on
it's own.

The issues have already been opened to/with the upstream and I hope
they're looking into it.
P.S. Shall update here when available :)


Best,
Utkarsh

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Re: Issues regarding ruby-rack/CVE-2019-16782
  - From: "Chris Lamb" <lamby@debian.org>

Prev by Date: Re: ibus/CVE-2019-14822/glibc
Next by Date: Re: Issues regarding ruby-rack/CVE-2019-16782
Previous by thread: Re [SECURITY] [D:LA 2035-1] libpgf security update; Please discontinue these messages, thank you.
Next by thread: Re: Issues regarding ruby-rack/CVE-2019-16782
Index(es):
- Date
- Thread