Control: tags -1 moreinfo On 2023-03-19 17:48:16 +0530, Pirate Praveen wrote: > Package: release.debian.org > Severity: normal > User: release.debian....@packages.debian.org > Usertags: unblock > X-Debbugs-Cc: ruby-asciidoctor-include-...@packages.debian.org > Control: affects -1 + src:ruby-asciidoctor-include-ext > > Please unblock package ruby-asciidoctor-include-ext > > [ Reason ] > This fixes a security issue CVE-2022-24803/#1009035 though it also includes > an upstream update. > This was uploaded to experimental on 2022-06-26 but missed reuploading to > unstable as gitlab was > using the versions directly from experimental (it was uploaded to > experimental to not break the > previos gitlab version before it switched to 0.4 version). Noticed this > today in the rc bug list. > > [ Impact ] > Only reverse dependency is gitlab so it should not impact any other package > in bookworm. > > [ Tests ] > gitlab in experimental was using it already for quite some time (upstream > gitlab tests are fine) > > [ Risks ] > For bookworm it is a leaf package (only used by gitlab which is in > unstable/experimental only) > > [ Checklist ] > [x] all changes are documented in the d/changelog > [x] I reviewed all changes and I approve them > [ ] attach debdiff against the package in testing
Please provide a debdiff Cheers > > [ Other info ] > Since it has some other upstream changes, I have not included the debdiff. > > unblock ruby-asciidoctor-include-ext/0.4.0-2 > -- Sebastian Ramacher