[Git][security-tracker-team/security-tracker][master] dla: drop ruby-sinatra, following bookworm triage

Thu, 30 Jan 2025 09:06:29 -0800 


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f054da1a by Sylvain Beucler at 2025-01-30T18:06:06+01:00
dla: drop ruby-sinatra, following bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -26413,6 +26413,7 @@ CVE-2024-21510 (Versions of the package sinatra from 
0.0.0 are vulnerable to Rel
        [experimental] - ruby-sinatra 4.1.1-1
        - ruby-sinatra 4.1.1-2 (bug #1087290)
        [bookworm] - ruby-sinatra <ignored> (Minor issue, too intrusive to 
backport)
+       [bullseye] - ruby-sinatra <ignored> (Minor issue, too intrusive to 
backport)
        NOTE: https://security.snyk.io/vuln/SNYK-RUBY-SINATRA-6483832
        NOTE: https://github.com/sinatra/sinatra/pull/2053
        NOTE: Rejected upstream fix: 
https://github.com/sinatra/sinatra/pull/2010


=====================================
data/dla-needed.txt
=====================================
@@ -217,11 +217,6 @@ rails
 rsync (Thorsten Alteholz)
   NOTE: 20250121: Added by Front-Desk re. potential regression outlined in 
#1093696. (lamby)
 --
-ruby-sinatra
-  NOTE: 20241110: Added by Front-Desk (apo)
-  NOTE: 20241122: Was awaiting approved upstream fix; still working on 
package. (lamby)
-  NOTE: 20241204: Returning to pool; have prepared patch for CVE-2024-21510 
but tests fail in a way that requires someone better at Ruby than myself. 
(lamby)
---
 shadow
   NOTE: 20250105: Added by Front-Desk (apo)
   NOTE: 20250105: shadow is a high-profile package. Upstream discussion for 
CVE-2024-56433 is



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f054da1a121840e26f1d69e0410b00e23fbf139f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f054da1a121840e26f1d69e0410b00e23fbf139f
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to