Control: tags -1 + confirmed On Thu, 2020-02-06 at 17:33 +0100, Daniel Leidert wrote: > The proposed update will fix CVE-2019-16770 (#946312) for Buster > users. The security team marked the issue no-dsa and asked to > schedule the fix via the next point release. The debdiff is attached. > The patch to fix the CVE has been taken from upstream's Git > repository.
+puma (3.12.0-2+deb10u1) buster-security; urgency=medium Just "buster" for p-u, please. +Subject: Merge pull request from GHSA-7xx3-m584-x994 + +could monopolize a thread. Previously, this could make a DoS attack more +severe. Is there a missing line (or at least words) before "could monopolize" there? In any case, please go ahead (with the fixed distribution). Regards, Adam