Version in base suite: 12.3.1-3 Base version: rake_12.3.1-3 Target version: rake_12.3.1-3+deb10u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/r/rake/rake_12.3.1-3.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/r/rake/rake_12.3.1-3+deb10u1.dsc changelog | 7 +++++++ patches/CVE-2020-8130.patch | 18 ++++++++++++++++++ patches/series | 1 + 3 files changed, 26 insertions(+)
diff -Nru rake-12.3.1/debian/changelog rake-12.3.1/debian/changelog
--- rake-12.3.1/debian/changelog 2018-05-02 13:46:41.000000000 +0000
+++ rake-12.3.1/debian/changelog 2020-02-29 15:10:36.000000000 +0000
@@ -1,3 +1,10 @@
+rake (12.3.1-3+deb10u1) buster; urgency=high
+
+ * Team upload
+ * Add patch to use File.open explicitly. (Fixes: CVE-2020-8130)
+
+ -- Utkarsh Gupta Sat, 29 Feb 2020 20:40:36 +0530
+
 rake (12.3.1-3) unstable; urgency=medium

 * Revert the drop of the ruby dependency. See Debian bug #897279 for related
diff -Nru rake-12.3.1/debian/patches/CVE-2020-8130.patch rake-12.3.1/debian/patches/CVE-2020-8130.patch
--- rake-12.3.1/debian/patches/CVE-2020-8130.patch 1970-01-01 00:00:00.000000000 +0000
+++ rake-12.3.1/debian/patches/CVE-2020-8130.patch 2020-02-29 15:04:19.000000000 +0000
@@ -0,0 +1,18 @@
+Description: Use File.open explicitly.
+Author: Hiroshi SHIBATA
+Author: Utkarsh Gupta
+Origin: https://github.com/ruby/rake/commit/5b8f8fc41a5d7d7d6a5d767e48464c60884d3aee
+Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2020-8130
+Last-Update: 2020-02-29
+
+--- a/lib/rake/file_list.rb
++++ b/lib/rake/file_list.rb
+@@ -294,7 +294,7 @@
+ matched = 0
+ each do |fn|
+ begin
+- open(fn, "r", *options) do |inf|
++ File.open(fn, "r", *options) do |inf|
+ count = 0
+ inf.each do |line|
+ count += 1
diff -Nru rake-12.3.1/debian/patches/series rake-12.3.1/debian/patches/series
--- rake-12.3.1/debian/patches/series 2018-05-02 13:46:41.000000000 +0000
+++ rake-12.3.1/debian/patches/series 2020-02-29 15:01:31.000000000 +0000
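Review bot: The `Description:` field on the first added line of the new patch file says only what the change does, not why, so a reader of the Debian patch has to follow the Origin commit to learn that the bare `open(fn, "r", *options)` call resolves to `Kernel#open`, which treats a file name beginning with `|` as a command to spawn, whereas `File.open` only ever opens a file. Suggest expanding it to `Description: Use File.open explicitly so that file names reaching the patched method are never interpreted as commands by Kernel#open (CVE-2020-8130)`. The enclosing method in lib/rake/file_list.rb begins and ends outside the embedded hunk, so whether this version has other bare `open` call sites on caller-supplied paths cannot be judged from here; worth a grep of the 12.3.1 tree before treating the upload as complete.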
@@ -1,3 +1,4 @@
 0001-test-helper-adapt-to-test-installed-package.patch
 0002-rake-testtask-never-include-I-usr-lib-ruby-vendor_ru.patch
 0003-gemspec-drop-git-usage.patch
+CVE-2020-8130.patch