Re: RFS: ruby-loofah 2.2.1-1 (CVE-2018-8048)

To: Georg Faerber <georg@riseup.net>
Cc: debian-ruby@lists.debian.org
Subject: Re: RFS: ruby-loofah 2.2.1-1 (CVE-2018-8048)
From: Chris Hofstaedtler <zeha@debian.org>
Date: Thu, 22 Mar 2018 01:33:20 +0100
Message-id: <[🔎] 20180322003320.cxa7e6nvdcspiray@percival.namespace.at>
In-reply-to: <[🔎] 20180322002824.GH2961@debian>
References: <[🔎] 20180321223557.GE2961@debian> <[🔎] 20180322000423.GA8457@esfahan> <[🔎] 20180322002824.GH2961@debian>

* Georg Faerber <georg@riseup.net> [180322 01:29]:
> On 18-03-22 01:04:23, Cédric Boutillier wrote:
> > Can you also take care of applying the patch to the version currently
> > in stable and contact the security team for a proposed update for
> > stretch?
> 
> Actually, aren't proposed uploads targeted at point releases? If so,
> this might take a while, as the last one just happened recently.
> Shouldn't this be instead a "straight" upload by the security team? I
> still would create the patch.

This decision is in the hands of the security team. In any case you
can prepare the patch/debdiff, and, if they are not going to upload
it, retarget to stretch (instead of stretch-security).

To save some work you can try asking on #debian-security first :-)

Chris

Reply to:

Follow-Ups:
- Re: RFS: ruby-loofah 2.2.1-1 (CVE-2018-8048)
  - From: Georg Faerber <georg@riseup.net>

References:
- RFS: ruby-loofah 2.2.1-1 (CVE-2018-8048)
  - From: Georg Faerber <georg@riseup.net>
- Re: RFS: ruby-loofah 2.2.1-1 (CVE-2018-8048)
  - From: Cédric Boutillier <boutil@debian.org>
- Re: RFS: ruby-loofah 2.2.1-1 (CVE-2018-8048)
  - From: Georg Faerber <georg@riseup.net>

Prev by Date: Re: RFS: ruby-loofah 2.2.1-1 (CVE-2018-8048)
Next by Date: Re: simple helper scripts: vcs-salsa, standards-version, debhelper-compat
Previous by thread: Re: RFS: ruby-loofah 2.2.1-1 (CVE-2018-8048)
Next by thread: Re: RFS: ruby-loofah 2.2.1-1 (CVE-2018-8048)
Index(es):
- Date
- Thread