Hey, On Sat, Mar 30, 2019 at 9:41 PM Ivo De Decker <iv...@debian.org> wrote:
> Control: tags -1 moreinfo > > Hi, > > On Wed, Mar 27, 2019 at 07:11:57PM +0530, Utkarsh Gupta wrote: > > Please unblock package ruby-doorkeeper-openid-connect. > > > > There was a CVE bug (#924747) reported against the package with severity: > > grave. > > It was reported on 16th March and was resolved in the latest upload, > which was > > on 24th March. > > Thus, requesting you to please unblock the same and let it be a part of > Buster, > > as was going to :) > > This upload seems to include a number of changes other than the fix for the > security issue. This doesn't seem to comply with the freeze policy. Perhaps > you can clarify the changes. Otherwise, please revert the upload and > upload a > targeted fix for this issue. > I do understand your point but the there are only minor changes done except for the bug fixing :( I was hoping for it to get unblocked (that is why I didn't do a minor update but just a patch update). Also, since gitlab is its only reverse dependency, it'll not be a problem to unblock I guess? If not possible, I'd perhaps be targetting for buster-backports, but was wishing to be unblocked to avoid other workarounds. Thanks, > > Ivo > Best, Utkarsh