Hi Sylvain, On Wed, Jun 17, 2020 at 11:09:41PM +0200, Sylvain Beucler wrote: > Hi Security Team, > > I see that 'rails' is present in dsa-needed.txt.
Right, current open rails issues would warrant a DSA. > I'm currently testing an update for jessie and I can prepare an update > for stretch (which appears to be similar). > (not sure what's the plan for buster) > Would you be interested? Yes if you are interested in contributing the updates, help is welcome. Apart the proposed debdiffs, would be ideal to hear what you were able to test/check. So assuming you are intersted in preparing the stretch-security one, would you as well work on the buster-security one? (it has different set of open CVEs to be addressed). > Note: since there's 2:4.2.7.1-1+deb9u2 in stretch-proposed-updates, > would it be OK to prepare a deb9u3 straight for stretch-security? Right, given 2:4.2.7.1-1+deb9u2 was uploaded to stretch-proposed-updates and as well already acked by SRM please just build on top of it as 2:4.2.7.1-1+deb9u3 for stretch-security. Regards, Salvatore
