Bug#986806: CVE-2021-28965

2021-04-18 Thread Salvatore Bonaccorso
Hi Pirate, On Sun, Apr 18, 2021 at 10:26:31PM +0530, Pirate Praveen wrote: > On Sun, 18 Apr 2021 15:04:56 +0200 Salvatore Bonaccorso > wrote: > > Hi, > > > > On Sat, Apr 17, 2021 at 10:34:24PM +0530, Pirate Praveen wrote: > > > > > > > > > On Sat, Apr 17, 2021 at 10:16 pm, Utkarsh Gupta > wrote:

Bug#986806: CVE-2021-28965

2021-04-18 Thread Pirate Praveen
On Sun, 18 Apr 2021 15:04:56 +0200 Salvatore Bonaccorso wrote: > Hi, > > On Sat, Apr 17, 2021 at 10:34:24PM +0530, Pirate Praveen wrote: > > > > > > On Sat, Apr 17, 2021 at 10:16 pm, Utkarsh Gupta wrote: > > > Makes sense. Probably the time to RM ruby-rexml from the archive is > > > *now*? >

Bug#986806: CVE-2021-28965

2021-04-18 Thread Salvatore Bonaccorso
Hi, On Sat, Apr 17, 2021 at 10:34:24PM +0530, Pirate Praveen wrote: > > > On Sat, Apr 17, 2021 at 10:16 pm, Utkarsh Gupta wrote: > > Makes sense. Probably the time to RM ruby-rexml from the archive is > > *now*? > > Requested removal from archive in #987101 Thanks for filling the removal! I

Bug#986806: CVE-2021-28965

2021-04-17 Thread Pirate Praveen
On Sat, Apr 17, 2021 at 10:16 pm, Utkarsh Gupta wrote: Makes sense. Probably the time to RM ruby-rexml from the archive is *now*? Requested removal from archive in #987101

Bug#986806: CVE-2021-28965

2021-04-17 Thread Utkarsh Gupta
Hi Praveen, On Fri, Apr 16, 2021 at 3:24 PM Pirate Praveen wrote: > I think the separate package was introduced by mistake without seeing > the copy embedded in ruby. I think the right way is to fix this in ruby > and remove this separate package. But I'd like someone from ruby team > to confirm

Bug#986806: CVE-2021-28965

2021-04-17 Thread Antonio Terceiro
On Fri, Apr 16, 2021 at 03:22:24PM +0530, Pirate Praveen wrote: > On Mon, 12 Apr 2021 12:05:29 +0200 Moritz Muehlenhoff > wrote: > > https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/ > > > > Why is there a separate package duplicating rexml from src

Bug#986806: CVE-2021-28965

2021-04-16 Thread Pirate Praveen
On Mon, 12 Apr 2021 12:05:29 +0200 Moritz Muehlenhoff wrote: > https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/ > > Why is there a separate package duplicating rexml from src:ruby2.7 in bullseye? I think the separate package was introduced by

Bug#986806: CVE-2021-28965

2021-04-12 Thread Moritz Muehlenhoff
Package: ruby-rexml Severity: grave Tags: security X-Debbugs-Cc: Debian Security Team https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/ Why is there a separate package duplicating rexml from src:ruby2.7 in bullseye? Cheers, Moritz