Re: rails update
On Wed, Jun 17, 2020 at 11:09:41PM +0200, Sylvain Beucler wrote:
> Hi Security Team,
> I see that 'rails' is present in dsa-needed.txt.
Right, current open rails issues would warrant a DSA.
> I'm currently testing an update for jessie and I can prepare an update
> for stretch (which appears to be similar).
> (not sure what's the plan for buster)
> Would you be interested?
Yes if you are interested in contributing the updates, help is
welcome. Apart the proposed debdiffs, would be ideal to hear what you
were able to test/check.
So assuming you are intersted in preparing the stretch-security one,
would you as well work on the buster-security one? (it has different
set of open CVEs to be addressed).
> Note: since there's 2:220.127.116.11-1+deb9u2 in stretch-proposed-updates,
> would it be OK to prepare a deb9u3 straight for stretch-security?
Right, given 2:18.104.22.168-1+deb9u2 was uploaded to
stretch-proposed-updates and as well already acked by SRM please just
build on top of it as 2:22.214.171.124-1+deb9u3 for stretch-security.