
Your ruby1.9.1 stable upload



Hi,

I noticed that you've uploaded a new upstream version of ruby1.9.1 to
stable, in order to fix CVE-2011-1004.  Whilst it is great that you're
working on fixing this sort of issue in stable, uploading new upstream
versions is generally not appropriate, and certainly not without prior
discussion with the release team.

Severity: normal bugs (e.g. #578169) are also generally not suitable for
fixing in stable, particularly when they involve changes to the
package's build-dependencies and the changes have not yet been applied
to unstable.

Was this discussed with the security team, as to whether they would like
to issue a DSA for the issue?

Regards,

Adam

