Hello security-team, I am currently preparing an upload for ruby-rack in bullseye LTS. I've also prepared an update for trixie for ruby-rack[1] except CVE-2026-26962[2]. I will do the same for bookworm too. ruby-rack is listed in data/dsa-needed.txt, but the planned point releases are on 16th May.
So should I hand over for normal DSA or shall I do the SPU/OSPU since point releases date are very close. Thanks. --abhijith [1] - https://salsa.debian.org/ruby-team/ruby-rack/-/tree/debian/trixie?ref_type=heads [2] - need some more clarity on why CVE-2026-26962 not affecting 3.1.x But most probably it is <not-affected> as upstream advisory explicitly mentioned so.
signature.asc
Description: PGP signature
