Hi Antoine! El 17/04/18 a las 11:58, Antoine Beaupré escribió: > Also, after talking with my old colleagues, I just realized that they > might be using Ruby 1.8 and not 1.9.1. It seems we have triaged those > out of the picture, but maybe all 1.8 packages are affected by a bunch > of those issues too? This looks suspiciously sparse: > > https://security-tracker.debian.org/tracker/source-package/ruby1.8 > > ... when compared to the larger: > > https://security-tracker.debian.org/tracker/source-package/ruby1.9.1 > > I feel it's quite possible we have forgotten a bunch of CVEs in Ruby > 1.8, is it possible? Part of the issues relates to rubygems which is not shipped in ruby1.8. But maybe the rest of the issues (the bunch that was fixed in the recent upstream release) needs to be re-checked. I will triage them. To answer your other mail, I didn't find any regression in the test suite, comparing to the current revision. Unfortunately, I don't have a anything in production related to ruby where I can do something more than a smoke test. Thanks! S
Attachment:
signature.asc
Description: PGP signature