Hi Salvatore,
On Sun, Jan 3, 2021 at 1:34 AM Salvatore Bonaccorso wrote:
> Not any right now. Well there is CVE-2020-26247 but that one might be
> too risky at this stage (AFAIU it is a breaking change, and thus was
> moved to the 1.11.x version).
Lucas uploaded a new version, thereby fixing this
Hi Utkarsh,
On Sat, Jan 02, 2021 at 06:38:37PM +0530, Utkarsh Gupta wrote:
> Hi Salvatore,
>
> On Sat, Jan 2, 2021 at 5:55 PM Salvatore Bonaccorso wrote:
> > > Of course. Uploaded a fix! :)
> > > (thanks for the explicit CC, please do it next time as well if you
> > > want me to take care of som
Hi Salvatore,
On Sat, Jan 2, 2021 at 5:55 PM Salvatore Bonaccorso wrote:
> > Of course. Uploaded a fix! :)
> > (thanks for the explicit CC, please do it next time as well if you
> > want me to take care of something which falls under the Ruby team).
>
> Thanks! About the explicit CC, well actuall
Hi Utkarsh
On Sat, Jan 02, 2021 at 05:45:04PM +0530, Utkarsh Gupta wrote:
> Hello,
>
> On Sat, Jan 2, 2021 at 2:02 AM Salvatore Bonaccorso wrote:
> > While strictly speaking this issue is no-dsa for buster, I'm raising
> > the severity to RC, would it be possible to address this issue for
> > un
Hello,
On Sat, Jan 2, 2021 at 2:02 AM Salvatore Bonaccorso wrote:
> While strictly speaking this issue is no-dsa for buster, I'm raising
> the severity to RC, would it be possible to address this issue for
> unstable (and so bullseye) before the freeze?
Of course. Uploaded a fix! :)
(thanks for
Control: severity -1 grave
Cc'ing Utkarsh as one of the last uploaders.
On Mon, Jun 22, 2020 at 09:02:13AM +0200, Salvatore Bonaccorso wrote:
> Source: ruby-rack
> Version: 2.1.1-5
> Severity: important
> Tags: security upstream
>
> Hi,
>
> The following vulnerability was published for ruby-rac
Source: ruby-rack
Version: 2.1.1-5
Severity: important
Tags: security upstream
Hi,
The following vulnerability was published for ruby-rack.
CVE-2020-8184[0]:
| A reliance on cookies without validation/integrity check security
| vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it
| i