Prepare stable update of ruby-doorkeeper

We received a report from the security team concerning a package which has one or more CVEs fixed by a DLA, but the same CVEs remain unfixed in more recent releases. In this case, the remaining open CVEs have been marked by the security team, so they have no immediate plans to deal with them. Please coordinate with the maintainer and SRM to have an updated package included in the next point release (for CVEs affecting bookworm) and/or prepare a supplementary DLA (for CVEs affecting bullseye). Additionally, please keep the security team informed concerning this matter by mailing team@security.debian.org with a brief summary once a course of action has been agreed upon between yourself, the maintainer, and SRM (as applicable).

Note that this package has been listed in dla-needed.txt, so make sure to claim it there as well when working on this issue.

Edited by Roberto C. Sánchez