Re: Stretch 9.2 announcement: dead link for ruby-rack-cors DSA
Hi Adam,
On Wed, Oct 11, 2017 at 09:15:08PM +0100, Adam D. Barratt wrote:
> On Wed, 2017-10-11 at 22:08 +0200, Holger Wansing wrote:
> > at https://www.debian.org/News/2017/20171007 the DSA link for ruby-
> > rack-cors
> > is dead:
> >
> > https://www.debian.org/security/2017/dsa-3931
> >
> > There is no such DSA.
> > And also no such announcement on https://lists.debian.org/debian-secu
> > rity-announce/
> >
>
> It's in DSA/list in the secure-testing repository:
>
> [10 Aug 2017] DSA-3931-1 ruby-rack-cors - security update
> {CVE-2017-11173}
> [stretch] - ruby-rack-cors 0.4.0-1+deb9u1
>
> which is where the stable tools got the information from to begin with.
>
> The package is also in http://security.debian.org/debian-security/pool/
> updates/main/r/ruby-rack-cors/
>
> So it looks like the announcement went missing somehow. team@security
> CCed for comment.
Indeed, it looks that the announcement at least never arived in d-s-a.
I wonder if after two monts now it makes still sense to send the
advisory or at least just import the text for the website.
As nobody so far complained, I guess that's an indication that it's
not widely used on stable (yet).
Regards,
Salvatore
Reply to: