On Fri, Apr 16, 2021 at 03:22:24PM +0530, Pirate Praveen wrote: > On Mon, 12 Apr 2021 12:05:29 +0200 Moritz Muehlenhoff <j...@debian.org> > wrote: > > https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/ > > > > Why is there a separate package duplicating rexml from src:ruby2.7 in > bullseye? > > I think the separate package was introduced by mistake without seeing the > copy embedded in ruby. I think the right way is to fix this in ruby and > remove this separate package. But I'd like someone from ruby team to confirm > this.
agreed.
signature.asc
Description: PGP signature
