[Git][security-tracker-team/security-tracker][master] Reserve DLA-2763-1 for ruby-kaminari

Markus Koschany (@apo) Wed, 22 Sep 2021 06:41:54 -0700


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
2b6ccfd4 by Markus Koschany at 2021-09-22T15:41:36+02:00
Reserve DLA-2763-1 for ruby-kaminari

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[22 Sep 2021] DLA-2763-1 ruby-kaminari - security update
+       {CVE-2020-11082}
+       [stretch] - ruby-kaminari 0.17.0-3+deb9u1
 [22 Sep 2021] DLA-2762-1 grilo - security update
        {CVE-2021-39365}
        [stretch] - grilo 0.3.2-2+deb9u1


=====================================
data/dla-needed.txt
=====================================
@@ -78,20 +78,6 @@ python-babel
 qtbase-opensource-src (Utkarsh)
   NOTE: 20210914: needs further checking for vulnerability. (utkarsh)
 --
-ruby-kaminari
-  NOTE: 20200819: The source in Debian (at least in LTS) appears to have a 
different lineage to
-  NOTE: 20200819: the one upstream or in its many forks. For example, both dthe
-  NOTE: 20200819: kaminari/kaminari and amatsuda/kaminari repositories does no 
have the
-  NOTE: 20200819: @params.except(:script_name) line in any part of their 
history (although the
-  NOTE: 20200819: file has been refactored a few times). (lamby)
-  NOTE: 20200928: A new module should be written in 
config/initializers/kaminari.rb. (utkarsh)
-  NOTE: 20200928: It should prepend_features from Kaminari::Helpers::Tag. 
(utkarsh)
-  NOTE: 20201009: This (↑) is an app-level patch for a rails app. A 
library-level patch
-  NOTE: 20201009: will needed to be written. Opened an issue at upstream, 
though somewhat inactive. (utkarsh)
-  NOTE: 20210719: 
https://people.debian.org/~apo/lts/ruby-kaminari/CVE-2020-11082.patch
-  NOTE: 20210719: I believe the fix is just adding and extending the blacklist 
for ruby-kaminari.
-  NOTE: 20210719: Will discuss this with Utkarsh (maintainer) shortly.
---
 ruby2.3
   NOTE: 20210802: Utkarsh already uploaded a fix for sid/bullseye. (utkarsh)
   NOTE: 20210816: wip, backporting patches; a bit hard. (utkarsh)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b6ccfd406574e01939d3b3c274899753224bc1c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b6ccfd406574e01939d3b3c274899753224bc1c
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Reserve DLA-2763-1 for ruby-kaminari

Reply via email to