[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Wheezy update of ruby-eventmachine?

Hi Christian,

2016-06-28 7:27 GMT+02:00 Christian Hofstaedtler <zeha@debian.org>:
> Hi,
> * Bálint Réczey <balint@balintreczey.hu> [160628 00:28]:
>> Dear Ruby and LTS Maintainers,
>> I plan updating the ruby-eventmachine package in Wheezy LTS to
>> fix the following security issue:
>> https://security-tracker.debian.org/tracker/TEMP-0678512-2E167C
>> Please see the diff to previous version attached.

Thanks! I also tried the new test without fixing the issue in the code
and it crashes nicely.

> Only gave this a quick glance, but LGTM.
>> I plan updating Jessie's version through jessie-proposed-updates, since
>> the issue is marked as no-DSA.
> This can probably still go through debian-security?

I'll ask them, showing the proposed diff.

> Also, given there's no ruby1.8 in jessie, the diff will be a lot
> smaller I guess.

IMO the difference is very small and I'd rather add the few macros for 1.8
than breaking the source package's compatibility with the update.

I have pushed my changes to the packaging repository in two new branches here:


>> Cheers,
>> Balint
> Thanks,
> Christian

Reply to: