Hi ruby-rest-client maintainer(s) and Debian LTS team
This is my second contribution to Debian LTS and this time I need some advice. This fix require a dependency on ruby-http-cookie which is not in wheezy.
I have prepared an update of the ruby-rest-client package to correct the problem described in
(I have not fixed CVE-2015-3448 as it was marked as "no DSA" in the security tracker).
The change was simple as the fix was in jessie 1.6.7-6 with a prepared patch. So I have simply copied the patch file and series file to the debian/patch directory, changed the changelog and control file and rebuilt.
The prepared package is here:
The debdiff is here:
I see two options:
1) I upload this fix above and we introduce the ruby-http-cookie (its dependencies are already there, I have tested with the jessie version of ruby-http-cookie on wheezy, so it is just to add this package too)
2) We tell that the fix is not important enough.
I do not see the point in trying to change the correction in some other way for wheezy.
Thanks in advance.
Best regards,
// Ola
--
--- Inguza Technology AB --- MSc in Information Technology ----
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---------------------------------------------------------------