Due to the security nature of this fix (resolves 3 CVEs), I am going to
upload this to the archive for you. I've changed the severity to high
and will upload the package immediately; please use severity 'high' on
all future security uploads.

In the future it's probably best if there is a security issue in the
package to ask someone in the Debian testing team to sponsor your upload
if you cannot.

>> So that just leaves lenny, and it might be quicker just to wait the 10 
>> days for it to be promoted from sid to lenny, than to do the work of 
>> backporting the XSS fix to 1.2.3.

>Lenny doesn't matter right now as part of security. This is not a remote 
>code execution hence foot-dragging on my part. It is only an XSS that is 
>specific to usage of some code in rails. There are ways a web 
>application can treat all input data and sanitize it without relying on 
>rails/ruby to do it with magic functions.

Actually, Lenny *does* matter in terms of security; that is the whole
point of the testing security team. 

Micah
