About the security issues affecting ruby1.9.1 and ruby1.8 in Wheezy
Hello ruby maintainers,
The Debian LTS team recently reviewed the security issue(s) affecting
ruby1.8 and ruby1.9.1 in Wheezy:
https://security-tracker.debian.org/tracker/CVE-2015-9096
We decided that we would not prepare a wheezy security update because
the issue assumes that malicious content can be forwarded from the
user up to the Net::SMTP call and a well-written application should
have already validated any data it sends to the RCPT TO or MAIL FROM
call.
That said the wheezy users would most certainly benefit from a fixed
package.
If you want to work on such an update, you're welcome to do so. Please
try to follow the workflow we have defined here:
https://wiki.debian.org/LTS/Development
If that workflow is a burden to you, feel free to just prepare an
updated source package and send it to debian-lts@lists.debian.org (via a
debdiff, or with an URL pointing to the source package, or even with a
pointer to your packaging repository), and the members of the LTS team
will take care of the rest. However please make sure to submit a tested
package.
Thank you very much.
Raphaël Hertzog,
on behalf of the Debian LTS team.
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/
Reply to: