Re: [SECURITY] [DLA 4018-1] ruby2.7 security update

To: Sylvain Beucler <beuc@beuc.net>, debian-lts@lists.debian.org
Cc: Bastien Roucariès <rouca@debian.org>
Subject: Re: [SECURITY] [DLA 4018-1] ruby2.7 security update
From: Lucas Kanashiro <kanashiro@debian.org>
Date: Tue, 28 Jan 2025 05:50:46 -0300
Message-id: <[🔎] 7561bef8-af05-4cfe-b58d-0f2a58ba8a89@debian.org>
Reply-to: kanashiro@debian.org
In-reply-to: <[🔎] b6680eb1-d379-4e13-9c77-224cf6528c07@beuc.net>
References: <8fc53f102d13eb13e0226c2f19b45bc8@debian.org> <[🔎] b6680eb1-d379-4e13-9c77-224cf6528c07@beuc.net>

Hi,

On 27/01/2025 12:04, Sylvain Beucler wrote:

Hi,
Do we plan/want to fix these REXML vulnerabilities accordingly inruby3.1 (6 postponed) and ruby3.3 (1 unfixed) ?
This sounds like a candidate for a (O)SPU task:
https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues

We (ruby maintainers) are planning a SPU to also fix another bug, weshould squeeze in the no-DSA fixes as well.

For ruby3.3, we should update to the latest upstream patch releasebefore the trixie release.


Cheers!

--
Lucas Kanashiro

Reply to:

References:
- Re: [SECURITY] [DLA 4018-1] ruby2.7 security update
  - From: Sylvain Beucler <beuc@beuc.net>

Prev by Date: Re: [SECURITY] [DLA 4018-1] ruby2.7 security update
Next by Date: Bug#1094590: libapache-mod-jk: Please package new upstream version: 1.2.50
Previous by thread: Re: [SECURITY] [DLA 4018-1] ruby2.7 security update
Next by thread: LTS version > stable or wait?
Index(es):
- Date
- Thread