Hello security-team,

I am currently preparing an upload for ruby-rack in bullseye LTS. I've
also prepared an update for trixie for ruby-rack[1] except
CVE-2026-26962[2]. I will do the same for bookworm too. ruby-rack is
listed in data/dsa-needed.txt, but the planned point releases are on
16th May.

So should I hand over for a normal DSA, or shall I do the SPU/OSPU since the
point release dates are very close?

Thanks.

--abhijith

[1] - https://salsa.debian.org/ruby-team/ruby-rack/-/tree/debian/trixie?ref_type=heads
[2] - need some more clarity on why CVE-2026-26962 is not affecting 3.1.x
      But most probably it is <not-affected> as the upstream advisory
      explicitly mentioned so.
