Bug#964274: ruby-websocket-extensions: CVE-2020-7663

Salvatore Bonaccorso Wed, 05 May 2021 13:39:12 -0700

Hi Andreas,

On Wed, May 05, 2021 at 09:57:09PM +0200, Andreas Beckmann wrote:
> Followup-For: Bug #964274
> 
> Hi,
> 
> CVE-2020-7663 is fixed in stretch-security but not buster, making
> upgrades difficult since stetch-security has a newer version than buster.
> Please upload the fix to buster, too.
> 
>  ruby-websocket-extensions | 0.1.2-1        | stretch          | source, all
>  ruby-websocket-extensions | 0.1.2-1        | buster           | source, all
>  ruby-websocket-extensions | 0.1.2-1+deb9u1 | stretch-security | source, all
>  ruby-websocket-extensions | 0.1.5-1        | bullseye         | source, all
>  ruby-websocket-extensions | 0.1.5-1        | sid              | source, all


Thanks for raising the issue. In fact this issue won't warrant a DSA
for buster, so a fix goes ideally in via one of the upcoming point
releases.

Regards,
Salvatore

Bug#964274: ruby-websocket-extensions: CVE-2020-7663

Reply via email to