Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: c03bd728 by Markus Koschany at 2021-07-01T10:37:58+02:00 Reclaim the ruby packages and jetty9 in dla-needed.txt. - - - - - 1 changed file: - data/dla-needed.txt Changes: ===================================== data/dla-needed.txt ===================================== @@ -64,7 +64,7 @@ intel-microcode NOTE: 20210622: we'll wait for a couple of days more before rolling NOTE: 20210622: out the update. (utkarsh) -- -jetty9 +jetty9 (Markus Koschany) -- libxstream-java (Sylvain Beucler) NOTE: 20210603: upstream changed the default security framework to a whitelist, @@ -94,14 +94,14 @@ python-babel -- rabbitmq-server (Abhijith PA) -- -ruby-actionpack-page-caching +ruby-actionpack-page-caching (Markus Koschany) NOTE: 20200819: Upstream's patch on does not apply due to subsequent NOTE: 20200819: refactoring. However, a quick look at the private NOTE: 20200819: page_cache_file method suggests that the issue exists, as it NOTE: 20200819: uses the path without normalising any "../" etc., simply NOTE: 20200819: URI.parser.unescap-ing it. Requires more investigation. (lamby) -- -ruby-kaminari +ruby-kaminari (Markus Koschany) NOTE: 20200819: The source in Debian (at least in LTS) appears to have a different lineage to NOTE: 20200819: the one upstream or in its many forks. For example, both dthe NOTE: 20200819: kaminari/kaminari and amatsuda/kaminari repositories does no have the View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c03bd7280eda2bde05b261ab615c063593fbf23f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c03bd7280eda2bde05b261ab615c063593fbf23f You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
