Hi,
On 27/01/2025 12:04, Sylvain Beucler wrote:
> Hi,
> Do we plan/want to fix these REXML vulnerabilities accordingly in
> ruby3.1 (6 postponed) and ruby3.3 (1 unfixed)?
> This sounds like a candidate for a (O)SPU task:
> https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues
We (ruby maintainers) are planning an SPU to also fix another bug; we
should squeeze in the no-DSA fixes as well.
For ruby3.3, we should update to the latest upstream patch release
before the trixie release.
Cheers!
--
Lucas Kanashiro