Hi I think the Debian Security team usually wants to judge that on their own. You can write a note about it in the CVE entry. So before the regular security team has said anything we should not do that.
// Ola On Tue, 28 Apr 2020 at 10:26, Utkarsh Gupta <[email protected]> wrote: > > Hi all, > > On Fri, Apr 24, 2020 at 3:09 AM Utkarsh Gupta <[email protected]> wrote: > > Thank you for this. I've started to think on the same lines. > > During this weekend, I'll take a quick look over what other > > distributions are doing for this. > > I took a look and couldn't find anything. Interestingly, the advisory[1] > by GitHub has also marked this as of "low" severity. > > > And if I don't find something, we could perhaps mark this as "no-dsa"? > > Therefore, I have marked this as no-dsa in Jessie, at least. > D'you think I should go on and mark this as no-dsa for Stretch and Buster, > too? > > > Best, > Utkarsh > --- > [1]: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3 -- --- Inguza Technology AB --- MSc in Information Technology ---- | [email protected] [email protected] | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | ---------------------------------------------------------------
