dla: add ruby-nokogiri following conversation with initial triager

author: Sylvain Beucler <beuc@beuc.net> 2021-04-03 16:20:37 +0200
committer: Sylvain Beucler <beuc@beuc.net> 2021-04-03 16:20:37 +0200
commit: 354028de314ed6f94981e658d6dcd1928c4b3e7b (patch)
tree: f8aa8c5c60f3078512d18a9d2cbf2c25f8133d2c
parent: 49ef50be2bb39c5cabc3cad9abb7fa062e7d4ba2 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index 0941a320ed..63f616c2bf 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -128,6 +128,10 @@ ruby-kaminari
   NOTE: 20201009: This (↑) is an app-level patch for a rails app. A library-level patch
   NOTE: 20201009: will needed to be written. Opened an issue at upstream, though somewhat inactive. (utkarsh)
 --
+ruby-nokogiri
+  NOTE: 20210403: CVE-2020-26247: Java-level API not included in stretch but CVE also affects C/Ruby-level APIs;
+  NOTE: 20210403: check if default change (trust -> don't trust external schemas) possibly breaks compatibility (Beuc)
+--
 salt (Utkarsh)
   NOTE: 20210329: WIP (utkarsh)
 --
author	Sylvain Beucler <beuc@beuc.net>	2021-04-03 16:20:37 +0200
committer	Sylvain Beucler <beuc@beuc.net>	2021-04-03 16:20:37 +0200
commit	354028de314ed6f94981e658d6dcd1928c4b3e7b (patch)
tree	f8aa8c5c60f3078512d18a9d2cbf2c25f8133d2c
parent	49ef50be2bb39c5cabc3cad9abb7fa062e7d4ba2 (diff)