Re: CVE-2021-28965

2021-04-17 Thread Pirate Praveen
On Sat, Apr 17, 2021 at 10:16 pm, Utkarsh Gupta wrote: Makes sense. Probably the time to RM ruby-rexml from the archive is *now*? Requested removal from archive in #987101

Re: Bug#986742: unblock: ruby2.7/2.7.3-1

2021-04-17 Thread Utkarsh Gupta
Hi Sebastian,

On Sat, Apr 17, 2021 at 3:08 PM Sebastian Ramacher wrote:
> Thanks, please go ahead and remove the moreinfo tag once the version is
> available in unstable.

Uploaded to unstable, thanks. And removed the tag as well.

- u

Re: CVE-2021-28965

2021-04-17 Thread Utkarsh Gupta
Hi Praveen,

On Fri, Apr 16, 2021 at 3:24 PM Pirate Praveen wrote:
> I think the separate package was introduced by mistake without seeing
> the copy embedded in ruby. I think the right way is to fix this in ruby
> and remove this separate package. But I'd like someone from ruby team
> to confirm

Re: CVE-2021-28965

2021-04-17 Thread Antonio Terceiro
On Fri, Apr 16, 2021 at 03:22:24PM +0530, Pirate Praveen wrote:
> On Mon, 12 Apr 2021 12:05:29 +0200 Moritz Muehlenhoff wrote:
> > https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/
> >
> > Why is there a separate package duplicating rexml from