Hi Utkarsh,

On Sat, Jan 02, 2021 at 06:38:37PM +0530, Utkarsh Gupta wrote:
> Hi Salvatore,
>
> On Sat, Jan 2, 2021 at 5:55 PM Salvatore Bonaccorso <car...@debian.org> wrote:
> > > Of course. Uploaded a fix! :)
> > > (thanks for the explicit CC, please do it next time as well if you
> > > want me to take care of something which falls under the Ruby team).
> >
> > Thanks! About the explicit CC, well actually I was a bit "vary",
> > because if it's team maintained one should not start explicitly ping
> > some of the uploaders. But I'm glad if this was possible.
>
> It's not a problem, I am happy to help the security team as much as I
> possibly can (though you'd hopefully know that by now ;)).

Yes :)

> > Indeed there would be more ruby team maintained packages which
> > are currently no-dsa marked but maybe would be good to fix for
> > and in bullseye. There are issues for instance in ruby-faye and
> > ruby-faye-websocket as well: 967061, 959392, 967063.
>
> Eeks, sorry for not noticing them earlier. But I've uploaded a fix for all
> three of them^ :)
>
> Let me know if there are more that needs immediate fixing or so! \o/

Not any right now. Well there is CVE-2020-26247 but that one might be
too risky at this stage (AFAIU it is a breaking change, and thus was
moved to the 1.11.x version).

Regards,
Salvatore