Hi On Wed, Oct 11, 2017 at 10:39:05PM +0200, Moritz Mühlenhoff wrote: > On Wed, Oct 11, 2017 at 10:29:32PM +0200, Salvatore Bonaccorso wrote: > > Hi Adam, > > > > On Wed, Oct 11, 2017 at 09:15:08PM +0100, Adam D. Barratt wrote: > > > On Wed, 2017-10-11 at 22:08 +0200, Holger Wansing wrote: > > > > at https://www.debian.org/News/2017/20171007 the DSA link for ruby- > > > > rack-cors > > > > is dead: > > > > > > > > https://www.debian.org/security/2017/dsa-3931 > > > > > > > > There is no such DSA. > > > > And also no such announcement on https://lists.debian.org/debian-secu > > > > rity-announce/ > > > > > > > > > > It's in DSA/list in the secure-testing repository: > > > > > > [10 Aug 2017] DSA-3931-1 ruby-rack-cors - security update > > > {CVE-2017-11173} > > > [stretch] - ruby-rack-cors 0.4.0-1+deb9u1 > > > > > > which is where the stable tools got the information from to begin with. > > > > > > The package is also in http://security.debian.org/debian-security/pool/ > > > updates/main/r/ruby-rack-cors/ > > > > > > So it looks like the announcement went missing somehow. team@security > > > CCed for comment. > > > > Indeed, it looks that the announcement at least never arived in d-s-a. > > > > I wonder if after two monts now it makes still sense to send the > > advisory or at least just import the text for the website. > > That's the DSA text, no idea why it got lost. Surely doesn't make sense to > re-send it two months later:
I imported the text into webwml repository, so at least the webpage will show up. Regards, Salvatore