On Fri, Jan 20, 2017 at 11:25:22AM +0100, Moritz Muehlenhoff wrote: > On Fri, Jan 20, 2017 at 11:14:57AM +0100, Salvatore Bonaccorso wrote: > > @Moritz, strong opinion on that? If noth I would say to mark all of > > the ruby2.1 CVEs open (CVE-2016-7798, CVE-2016-2337 and CVE-2016-2339) > > as no-dsa and include them (if you can) in the next point release or > > for any future ruby2.1 DSA. > > Agreed.
perfect, thanks. Marked as no-dsa. Regards, Salvatore
