On Fri, Jan 20, 2017 at 11:14:57AM +0100, Salvatore Bonaccorso wrote: > @Moritz, strong opinion on that? If noth I would say to mark all of > the ruby2.1 CVEs open (CVE-2016-7798, CVE-2016-2337 and CVE-2016-2339) > as no-dsa and include them (if you can) in the next point release or > for any future ruby2.1 DSA.
Agreed. Cheers, Moritz