Control: tags -1 moreinfo
Hi,
On Wed, Mar 27, 2019 at 07:11:57PM +0530, Utkarsh Gupta wrote:
> Please unblock package ruby-doorkeeper-openid-connect.
>
> There was a CVE bug (#924747) reported against the package with severity:
> grave.
> It was reported on 16th March and was resolved in the latest upload, which was
> on 24th March.
> Thus, requesting you to please unblock the same and let it be a part of Buster,
> as was going to :)
This upload seems to include a number of changes other than the fix for the
security issue. This doesn't seem to comply with the freeze policy. Perhaps
you can clarify the changes. Otherwise, please revert the upload and upload a
targeted fix for this issue.
I do understand your point but the there are only minor changes done except for the bug fixing :(
I was hoping for it to get unblocked (that is why I didn't do a minor update but just a patch update).
Also, since gitlab is its only reverse dependency, it'll not be a problem to unblock I guess?
If not possible, I'd perhaps be targetting for buster-backports, but was wishing to be unblocked to avoid other workarounds.
Thanks,
Ivo
Best,
Utkarsh