
Re: [SECURITY] [DLA 4018-1] ruby2.7 security update



Hi,

On 27/01/2025 12:04, Sylvain Beucler wrote:
> Hi,
>
> Do we plan/want to fix these REXML vulnerabilities accordingly in ruby3.1 (6 postponed) and ruby3.3 (1 unfixed)?
>
> This sounds like a candidate for a (O)SPU task:
> https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues

We (ruby maintainers) are planning a SPU to also fix another bug, we should squeeze in the no-DSA fixes as well.

For ruby3.3, we should update to the latest upstream patch release before the trixie release.

Cheers!

--
Lucas Kanashiro

