Re: Issues regarding ruby-rack/CVE-2019-16782

To: Debian LTS <debian-lts@lists.debian.org>
Cc: Debian Security Team <team@security.debian.org>, Brian May <bam@debian.org>, Ola Lundqvist <ola@inguza.com>
Subject: Re: Issues regarding ruby-rack/CVE-2019-16782
From: Utkarsh Gupta <utkarsh@debian.org>
Date: Tue, 28 Apr 2020 13:56:06 +0530
Message-id: <[🔎] CAPP0f95bgmUbqkG0iE3MqwfkQ3SywhAvopfnpj0-pM4o+QUeaw@mail.gmail.com>
In-reply-to: <[🔎] CAPP0f94PRUzdyeEy-b9htADnRzfpe37HnMLA4ADHKFnNotNfAg@mail.gmail.com>
References: <5cfc2ed4-5b07-1b2c-5997-4b104e281491@gmail.com> <[🔎] 87h7x9ew7t.fsf@silverfish.pri> <[🔎] CAPP0f94PRUzdyeEy-b9htADnRzfpe37HnMLA4ADHKFnNotNfAg@mail.gmail.com>

Hi all,

On Fri, Apr 24, 2020 at 3:09 AM Utkarsh Gupta <utkarsh@debian.org> wrote:
> Thank you for this. I've started to think on the same lines.
> During this weekend, I'll take a quick look over what other
> distributions are doing for this.

I took a look and couldn't find anything. Interestingly, the advisory[1]
by GitHub has also marked this as of "low" severity.

> And if I don't find something, we could perhaps mark this as "no-dsa"?

Therefore, I have marked this as no-dsa in Jessie, at least.
D'you think I should go on and mark this as no-dsa for Stretch and Buster, too?

Best,
Utkarsh
---
[1]: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3

Reply to:

Follow-Ups:
- Re: Issues regarding ruby-rack/CVE-2019-16782
  - From: Ola Lundqvist <ola@inguza.com>

References:
- Re: Issues regarding ruby-rack/CVE-2019-16782
  - From: Brian May <bam@debian.org>
- Re: Issues regarding ruby-rack/CVE-2019-16782
  - From: Utkarsh Gupta <utkarsh@debian.org>

Prev by Date: dla-needed.txt: Add note on CVE-2020-1769 in otrs2.
Next by Date: Re: Issues regarding ruby-rack/CVE-2019-16782
Previous by thread: Re: Issues regarding ruby-rack/CVE-2019-16782
Next by thread: Re: Issues regarding ruby-rack/CVE-2019-16782
Index(es):
- Date
- Thread