[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Wheezy update of ruby-eventmachine?

Hi Christian,

2016-06-28 7:27 GMT+02:00 Christian Hofstaedtler <zeha@debian.org>:
> Hi,
>
> * Bálint Réczey <balint@balintreczey.hu> [160628 00:28]:
>> Dear Ruby and LTS Maintainers,
>>
>> I plan updating the ruby-eventmachine package in Wheezy LTS to
>> fix the following security issue:
>> https://security-tracker.debian.org/tracker/TEMP-0678512-2E167C
>>
>> Please see the diff to previous version attached.

Thanks! I also tried the new test without fixing the issue in the code
and it crashes nicely.

>
> Only gave this a quick glance, but LGTM.
>
>> I plan updating Jessie's version through jessie-proposed-updates, since
>> the issue is marked as no-DSA.
>
> This can probably still go through debian-security?

I'll ask them, showing the proposed diff.

> Also, given there's no ruby1.8 in jessie, the diff will be a lot
> smaller I guess.

IMO the difference is very small and I'd rather add the few macros for 1.8
than breaking the source package's compatibility with the update.

I have pushed my changes to the packaging repository in two new branches here:
https://anonscm.debian.org/cgit/pkg-ruby-extras/ruby-eventmachine.git

Cheers,
Balint

>
>> Cheers,
>> Balint
>
> Thanks,
> Christian
>
Reply to: