
Re: Issues regarding ruby-rack/CVE-2019-16782



Hi

I think the Debian Security team usually wants to judge that on their
own. You can write a note about it in the CVE entry.
So before the regular security team has said anything we should not do that.

// Ola

On Tue, 28 Apr 2020 at 10:26, Utkarsh Gupta <utkarsh@debian.org> wrote:
>
> Hi all,
>
> On Fri, Apr 24, 2020 at 3:09 AM Utkarsh Gupta <utkarsh@debian.org> wrote:
> > Thank you for this. I've started to think on the same lines.
> > During this weekend, I'll take a quick look over what other
> > distributions are doing for this.
>
> I took a look and couldn't find anything. Interestingly, the advisory[1]
> by GitHub has also marked this as of "low" severity.
>
> > And if I don't find something, we could perhaps mark this as "no-dsa"?
>
> Therefore, I have marked this as no-dsa in Jessie, at least.
> D'you think I should go on and mark this as no-dsa for Stretch and Buster, too?
>
>
> Best,
> Utkarsh
> ---
> [1]: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3



-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
|  ola@inguza.com                    opal@debian.org            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
 ---------------------------------------------------------------

