Hi Guixers,
What should we do in the event that we don't have time to quickly fix packages
that depend on a package that has an open CVE on it?
For example,
I provided gunicorn-next in a recent commit to master which fixes CVE-2024-1135
but I don't have time at the moment to fix the bad gunico
Zheng Junjie writes:
> Ricardo Wurmus writes:
>
>> Zheng Junjie writes:
>>
>>> This patch should fix it.
>>
>> Thank you for the patch!
>>
>>> From f41bf905cfb1395a53cfc0d79315148ac9ba0a79 Mon Sep 17 00:00:00 2001
>>> Message-ID:
>>>
>>> From: Zheng Junjie
>>> Date: Tue, 16 Jul 2024 00:06:39
