Re: RFS: ruby-loofah 2.2.1-1 (CVE-2018-8048)
* Georg Faerber <georg@riseup.net> [180322 01:29]:
> On 18-03-22 01:04:23, Cédric Boutillier wrote:
> > Can you also take care of applying the patch to the version currently
> > in stable and contact the security team for a proposed update for
> > stretch?
>
> Actually, aren't proposed uploads targeted at point releases? If so,
> this might take a while, as the last one just happened recently.
> Shouldn't this be instead a "straight" upload by the security team? I
> still would create the patch.
This decision is in the hands of the security team. In any case you
can prepare the patch/debdiff, and, if they are not going to upload
it, retarget to stretch (instead of stretch-security).
To save some work you can try asking on #debian-security first :-)
Chris
Reply to: