Re: #774748: ruby-redcloth: CVE-2012-6684

To: Christian Hofstaedtler <zeha@debian.org>
Cc: 774748@bugs.debian.org, Moritz Muehlenhoff <jmm@inutil.org>, debian-ruby@lists.debian.org
Subject: Re: #774748: ruby-redcloth: CVE-2012-6684
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Mon, 26 Jan 2015 13:45:32 +0100
Message-id: <[🔎] 20150126124532.GA16317@pisco.westfalen.local>
In-reply-to: <[🔎] 20150109215713.GA61903@sx.local>
References: <[🔎] 20150109215713.GA61903@sx.local>

On Fri, Jan 09, 2015 at 10:57:13PM +0100, Christian Hofstaedtler wrote:
> AFAICT there is no publicly available patch, and upstream is more or
> less "dead".
> 
> Redmine's patched redcloth3 looks very different from the current
> redcloth 4.x sources, so I have my doubts if forward porting this
> is feasible.
> 
> Suggestions welcome.

Then we should remove it from jessie.

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Re: #774748: ruby-redcloth: CVE-2012-6684
  - From: Christian Hofstaedtler <zeha@debian.org>

References:
- Re: #774748: ruby-redcloth: CVE-2012-6684
  - From: Christian Hofstaedtler <zeha@debian.org>

Prev by Date: Re: RFS for multiple packages
Next by Date: Re: #774748: ruby-redcloth: CVE-2012-6684
Previous by thread: Re: #774748: ruby-redcloth: CVE-2012-6684
Next by thread: Re: #774748: ruby-redcloth: CVE-2012-6684
Index(es):
- Date
- Thread