Re: CVE-2021-28965

To: 986806@bugs.debian.org
Cc: debian-ruby <debian-ruby@lists.debian.org>, Debian Security Team <team@security.debian.org>
Subject: Re: CVE-2021-28965
From: Pirate Praveen <praveen@onenetbeyond.org>
Date: Sun, 18 Apr 2021 22:26:31 +0530
Message-id: <[🔎] 72RRRQ.B4UDDMWV70IW@onenetbeyond.org>

On Sun, 18 Apr 2021 15:04:56 +0200 Salvatore Bonaccorso<carnil@debian.org> wrote:

> Hi,
>
> On Sat, Apr 17, 2021 at 10:34:24PM +0530, Pirate Praveen wrote:
> >
> >

> > On Sat, Apr 17, 2021 at 10:16 pm, Utkarsh Gupta<utkarsh@debian.org> wrote:> > > Makes sense. Probably the time to RM ruby-rexml from the archiveis

> > > *now*?
> >
> > Requested removal from archive in #987101
>
> Thanks for filling the removal!
>
> I fear this has though some additional work to be done, trying to
> simulate the removal the following is shown:
>
> Will remove the following packages from sid:
>
> ruby-rexml |    3.2.4-2 | source, all
>

> Maintainer: Debian Ruby Extras Maintainers<pkg-ruby-extras-maintainers@lists.alioth.debian.org>

>
> ------------------- Reason -------------------
>
> ----------------------------------------------
>
> Checking reverse dependencies...
> # Broken Depends:
> ruby-kramdown: ruby-kramdown
>
> # Broken Build-Depends:
> ruby-kramdown: ruby-rexml
>
> Dependency problem found.
>
> Can you change tue Build-Depends of ruby-kramdown?

I think that is a bug in dak, as libruby2.7 Provides ruby-rexml.

Reply to:

Follow-Ups:
- Re: Bug#986806: CVE-2021-28965
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Re: CVE-2021-28965
Next by Date: Re: Bug#986806: CVE-2021-28965
Previous by thread: Re: CVE-2021-28965
Next by thread: Re: Bug#986806: CVE-2021-28965
Index(es):
- Date
- Thread