Re: rails update

To: Sylvain Beucler <beuc@beuc.net>
Cc: Debian Security Team <team@security.debian.org>, Debian LTS <debian-lts@lists.debian.org>
Subject: Re: rails update
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 19 Jun 2020 11:40:06 +0200
Message-id: <[🔎] 20200619094006.GA1126775@eldamar.local>
Mail-followup-to: Sylvain Beucler <beuc@beuc.net>, Debian Security Team <team@security.debian.org>, Debian LTS <debian-lts@lists.debian.org>
In-reply-to: <[🔎] 91e4df09-16e5-cedb-4e61-bc3970c2d116@beuc.net>
References: <[🔎] 91e4df09-16e5-cedb-4e61-bc3970c2d116@beuc.net>

Hi Sylvain,

On Wed, Jun 17, 2020 at 11:09:41PM +0200, Sylvain Beucler wrote:
> Hi Security Team,
> 
> I see that 'rails' is present in dsa-needed.txt.

Right, current open rails issues would warrant a DSA.

> I'm currently testing an update for jessie and I can prepare an update
> for stretch (which appears to be similar).
> (not sure what's the plan for buster)
> Would you be interested?

Yes if you are interested in contributing the updates, help is
welcome. Apart the proposed debdiffs, would be ideal to hear what you
were able to test/check.

So assuming you are intersted in preparing the stretch-security one,
would you as well work on the buster-security one? (it has different
set of open CVEs to be addressed).

> Note: since there's 2:4.2.7.1-1+deb9u2 in stretch-proposed-updates,
> would it be OK to prepare a deb9u3 straight for stretch-security?

Right, given 2:4.2.7.1-1+deb9u2 was uploaded to
stretch-proposed-updates and as well already acked by SRM please just
build on top of it as 2:4.2.7.1-1+deb9u3 for stretch-security.

Regards,
Salvatore

Reply to:

Follow-Ups:
- Re: rails update
  - From: Utkarsh Gupta <utkarsh@debian.org>

References:
- rails update
  - From: Sylvain Beucler <beuc@beuc.net>

Prev by Date: Re: jquery / CVE-2020-7656
Next by Date: Re: rails update
Previous by thread: rails update
Next by thread: Re: rails update
Index(es):
- Date
- Thread