Hi Ola,
I had a look in this package a couple of weeks ago and I found the same problem. I discussed it with Antonio and I think that we can skip this package instead of add a new dependency in wheezy. We guess that implement a cookie_jar "by hand" is not a good idea :)
Cheers,
Hi ruby-rest-client maintainer(s) and Debian LTS teamThis is my second contribution to Debian LTS and this time I need some advice. This fix require a dependency on ruby-http-cookie which is not in wheezy.I have prepared an update of the ruby-rest-client package to correct the problem described in(I have not fixed CVE-2015-3448 as it was marked as "no DSA" in the security tracker).The change was simple as the fix was in jessie 1.6.7-6 with a prepared patch. So I have simply copied the patch file and series file to the debian/patch directory, changed the changelog and control file and rebuilt.The prepared package is here:The debdiff is here:I see two options:1) I upload this fix above and we introduce the ruby-http-cookie (its dependencies are already there, I have tested with the jessie version of ruby-http-cookie on wheezy, so it is just to add this package too)2) We tell that the fix is not important enough.I do not see the point in trying to change the correction in some other way for wheezy.Thanks in advance.Best regards,// Ola----- Inguza Technology AB --- MSc in Information Technology ----/ ola@inguza.com Folkebogatan 26 \| opal@debian.org 654 68 KARLSTAD || http://inguza.com/ Mobile: +46 (0)70-332 1551 |\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /---------------------------------------------------------------