[DRE-maint] Bug#774748: #774748: ruby-redcloth: CVE-2012-6684
Christian Hofstaedtler
zeha at debian.org
Mon Jan 26 13:37:32 UTC 2015
* Moritz Mühlenhoff <jmm at inutil.org> [150126 13:45]:
> On Fri, Jan 09, 2015 at 10:57:13PM +0100, Christian Hofstaedtler wrote:
> > AFAICT there is no publicly available patch, and upstream is more or
> > less "dead".
> >
> > Redmine's patched redcloth3 looks very different from the current
> > redcloth 4.x sources, so I have my doubts if forward porting this
> > is feasible.
> >
> > Suggestions welcome.
>
> Then we should remove it from jessie.
Looking at the rdeps, this would affect quite some packages, as
redcloth is a dependency of one of the documentation tools.
Not sure if it can be ripped out so easily.
Best,
Christian
--
,''`. Christian Hofstaedtler <zeha at debian.org>
: :' : Debian Developer
`. `' 7D1A CFFA D9E0 806C 9C4C D392 5C13 D6DB 9305 2E03
`-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-ruby-extras-maintainers/attachments/20150126/ec8f9cbe/attachment.sig>
More information about the Pkg-ruby-extras-maintainers
mailing list