Bug#925604: unblock: ruby-doorkeeper-openid-connect/1.5.5-1
Hey, On Sat, Mar 30, 2019 at 9:41 PM Ivo De Decker wrote: > Control: tags -1 moreinfo > > Hi, > > On Wed, Mar 27, 2019 at 07:11:57PM +0530, Utkarsh Gupta wrote: > > Please unblock package ruby-doorkeeper-openid-connect. > > > > There was a CVE bug (#924747) reported against the package with severity: > > grave. > > It was reported on 16th March and was resolved in the latest upload, > which was > > on 24th March. > > Thus, requesting you to please unblock the same and let it be a part of > Buster, > > as was going to :) > > This upload seems to include a number of changes other than the fix for the > security issue. This doesn't seem to comply with the freeze policy. Perhaps > you can clarify the changes. Otherwise, please revert the upload and > upload a > targeted fix for this issue. > I do understand your point but the there are only minor changes done except for the bug fixing :( I was hoping for it to get unblocked (that is why I didn't do a minor update but just a patch update). Also, since gitlab is its only reverse dependency, it'll not be a problem to unblock I guess? If not possible, I'd perhaps be targetting for buster-backports, but was wishing to be unblocked to avoid other workarounds. Thanks, > > Ivo > Best, Utkarsh
Bug#925604: unblock: ruby-doorkeeper-openid-connect/1.5.5-1
Control: tags -1 moreinfo Hi, On Wed, Mar 27, 2019 at 07:11:57PM +0530, Utkarsh Gupta wrote: > Please unblock package ruby-doorkeeper-openid-connect. > > There was a CVE bug (#924747) reported against the package with severity: > grave. > It was reported on 16th March and was resolved in the latest upload, which was > on 24th March. > Thus, requesting you to please unblock the same and let it be a part of > Buster, > as was going to :) This upload seems to include a number of changes other than the fix for the security issue. This doesn't seem to comply with the freeze policy. Perhaps you can clarify the changes. Otherwise, please revert the upload and upload a targeted fix for this issue. Thanks, Ivo
Bug#925604: unblock: ruby-doorkeeper-openid-connect/1.5.5-1
Package: release.debian.org User: release.debian@packages.debian.org Usertags: unblock Severity: normal Hey, Please unblock package ruby-doorkeeper-openid-connect. There was a CVE bug (#924747) reported against the package with severity: grave. It was reported on 16th March and was resolved in the latest upload, which was on 24th March. Thus, requesting you to please unblock the same and let it be a part of Buster, as was going to :) Best, Utkarsh unblock ruby-doorkeeper-openid-connect/1.5.5-1 -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_IN, LC_CTYPE=en_IN (charmap=UTF-8), LANGUAGE=en_IN:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled