Re: rails update

2020-06-19 Thread Salvatore Bonaccorso
Hi Sylvain, On Wed, Jun 17, 2020 at 11:09:41PM +0200, Sylvain Beucler wrote: > Hi Security Team, > > I see that 'rails' is present in dsa-needed.txt. Right, current open rails issues would warrant a DSA. > I'm currently testing an update for jessie and I can prepare an update > for stretch (whi

Re: rails update

2020-06-19 Thread Utkarsh Gupta
Hi all, On Fri, Jun 19, 2020 at 3:10 PM Salvatore Bonaccorso wrote: > > I'm currently testing an update for jessie and I can prepare an update > > for stretch (which appears to be similar). > > (not sure what's the plan for buster) > > Would you be interested? > > Yes if you are interested in con

Re: rails update

2020-06-19 Thread Utkarsh Gupta
On Fri, Jun 19, 2020 at 10:46 PM Utkarsh Gupta wrote: > Just letting you know with my rails' maintainer hat on.. > I faced a regression where I think, activestorage (one of rails' binary), > broke and in turn, it broke a bunch of other gems as well. > > Please ensure that the fix of these CVE(s) w

Re: rails update

2020-06-19 Thread Sylvain Beucler
Hi Security Team, Utkarsh, On 19/06/2020 11:40, Salvatore Bonaccorso wrote: > On Wed, Jun 17, 2020 at 11:09:41PM +0200, Sylvain Beucler wrote: >> I'm currently testing an update for jessie and I can prepare an update >> for stretch (which appears to be similar). >> (not sure what's the plan for bu

Re: libdatetime-timezone-perl

2020-06-19 Thread Ola Lundqvist
Hi I have added a note about this now. I have another question about this package, but I'll start a new thread about that. // Ola On Thu, 8 Nov 2018 at 10:08, Raphael Hertzog wrote: > > Hi, > > On Wed, 07 Nov 2018, Santiago Ruano Rincón wrote: > > I included it to dla-needed. It doesn't have an

libdatetime-timezone-perl need to wait?

2020-06-19 Thread Ola Lundqvist
Hi Roberto In the DLA needed entry for libdatetime-timezone-perl you have mentioned that we need to wait for oldstable update via point release before the LTS update is made. When looking at the version numbers for the different releases I fail to see the necessity of that. Have I missed somethin

Re: libdatetime-timezone-perl need to wait?

2020-06-19 Thread Sylvain Beucler
Hi, On 19/06/2020 23:29, Ola Lundqvist wrote: > In the DLA needed entry for libdatetime-timezone-perl you have > mentioned that we need to wait for oldstable update via point release > before the LTS update is made. When looking at the version numbers for > the different releases I fail to see the