Re: #774748: ruby-redcloth: CVE-2012-6684

To: Moritz Mühlenhoff <jmm@inutil.org>
Cc: 774748@bugs.debian.org, debian-ruby@lists.debian.org
Subject: Re: #774748: ruby-redcloth: CVE-2012-6684
From: Christian Hofstaedtler <zeha@debian.org>
Date: Mon, 26 Jan 2015 14:37:32 +0100
Message-id: <[🔎] 20150126133732.GA1148@sx.local>
In-reply-to: <[🔎] 20150126124532.GA16317@pisco.westfalen.local>
References: <[🔎] 20150109215713.GA61903@sx.local> <[🔎] 20150126124532.GA16317@pisco.westfalen.local>

* Moritz Mühlenhoff <jmm@inutil.org> [150126 13:45]:
> On Fri, Jan 09, 2015 at 10:57:13PM +0100, Christian Hofstaedtler wrote:
> > AFAICT there is no publicly available patch, and upstream is more or
> > less "dead".
> > 
> > Redmine's patched redcloth3 looks very different from the current
> > redcloth 4.x sources, so I have my doubts if forward porting this
> > is feasible.
> > 
> > Suggestions welcome.
> 
> Then we should remove it from jessie.

Looking at the rdeps, this would affect quite some packages, as
redcloth is a dependency of one of the documentation tools.

Not sure if it can be ripped out so easily.

Best,
Christian

-- 
 ,''`.  Christian Hofstaedtler <zeha@debian.org>
: :' :  Debian Developer
`. `'   7D1A CFFA D9E0 806C 9C4C  D392 5C13 D6DB 9305 2E03
  `-

Attachment: pgpWx1aFITFba.pgp
Description: PGP signature

Reply to:

References:
- Re: #774748: ruby-redcloth: CVE-2012-6684
  - From: Christian Hofstaedtler <zeha@debian.org>
- Re: #774748: ruby-redcloth: CVE-2012-6684
  - From: Moritz Mühlenhoff <jmm@inutil.org>

Prev by Date: Re: #774748: ruby-redcloth: CVE-2012-6684
Next by Date: Re: Debian Ruby sprint 2015 - Paris, 8-10 April
Previous by thread: Re: #774748: ruby-redcloth: CVE-2012-6684
Next by thread: RFS: ruby-haml-rails
Index(es):
- Date
- Thread