Re: #774748: ruby-redcloth: CVE-2012-6684

To: 774748@bugs.debian.org, Moritz Muehlenhoff <jmm@inutil.org>
Cc: debian-ruby@lists.debian.org
Subject: Re: #774748: ruby-redcloth: CVE-2012-6684
From: Christian Hofstaedtler <zeha@debian.org>
Date: Fri, 9 Jan 2015 22:57:13 +0100
Message-id: <[🔎] 20150109215713.GA61903@sx.local>

AFAICT there is no publicly available patch, and upstream is more or
less "dead".

Redmine's patched redcloth3 looks very different from the current
redcloth 4.x sources, so I have my doubts if forward porting this
is feasible.

Suggestions welcome.

-- 
 ,''`.  Christian Hofstaedtler <zeha@debian.org>
: :' :  Debian Developer
`. `'   7D1A CFFA D9E0 806C 9C4C  D392 5C13 D6DB 9305 2E03
  `-

Attachment: pgpKiIsLfCDtK.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: #774748: ruby-redcloth: CVE-2012-6684
  - From: Moritz Mühlenhoff <jmm@inutil.org>

Prev by Date: Re: jquery-rails and rails-assets-jquery
Next by Date: Re: Tests not being run in pbuilder
Previous by thread: Re: jquery-rails and rails-assets-jquery
Next by thread: Re: #774748: ruby-redcloth: CVE-2012-6684
Index(es):
- Date
- Thread