From 294168cf828fd08951780b8a90f20440dd3a020d Mon Sep 17 00:00:00 2001
From: Sylvain Beucler <beuc@beuc.net>
Date: Sat, 3 Apr 2021 16:20:37 +0200
Subject: dla: add ruby-nokogiri following conversation with initial triager

---
 data/dla-needed.txt | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index 0941a320ed..63f616c2bf 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -128,6 +128,10 @@ ruby-kaminari
   NOTE: 20201009: This (↑) is an app-level patch for a rails app. A library-level patch
   NOTE: 20201009: will needed to be written. Opened an issue at upstream, though somewhat inactive. (utkarsh)
 --
+ruby-nokogiri
+  NOTE: 20210403: CVE-2020-26247: Java-level API not included in stretch but CVE also affects C/Ruby-level APIs;
+  NOTE: 20210403: check if default change (trust -> don't trust external schemas) possibly breaks compatibility (Beuc)
+--
 salt (Utkarsh)
   NOTE: 20210329: WIP (utkarsh)
 --
-- 
cgit v1.2.3