Hi, I've taken a look to https://security-tracker.debian.org/tracker/CVE-2009-5147 in the 1.8 and 1.9.1 versions of ruby and I am unsure if they deserve a DLA/DSA by their own.
I've been unable to find more information to take advantage of this issue, and other vendors consider this as low priority and even wontfix. For squeeze, the patches are already on the collab-maint repos. I can do it for wheezy too. Do you think it's ok to wait to upload them along with a further and more important fix? Cheers, Santiago
signature.asc
Description: Digital signature