Re: rails update

To: Sylvain Beucler <beuc@beuc.net>, Debian Security Team <team@security.debian.org>, Debian LTS <debian-lts@lists.debian.org>
Subject: Re: rails update
From: Utkarsh Gupta <utkarsh@debian.org>
Date: Fri, 19 Jun 2020 22:50:06 +0530
Message-id: <[🔎] CAPP0f95wpEk42ZvBWn6Bx-jOWd9_CT5q21GM35c1e6TH58_dZw@mail.gmail.com>
In-reply-to: <[🔎] CAPP0f95JEBSUKAk7So5spgoA0oAc0uv7Y7nepfkMpe52GcxXHQ@mail.gmail.com>
References: <[🔎] 91e4df09-16e5-cedb-4e61-bc3970c2d116@beuc.net> <[🔎] 20200619094006.GA1126775@eldamar.local> <[🔎] CAPP0f95JEBSUKAk7So5spgoA0oAc0uv7Y7nepfkMpe52GcxXHQ@mail.gmail.com>

On Fri, Jun 19, 2020 at 10:46 PM Utkarsh Gupta <utkarsh@debian.org> wrote:
> Just letting you know with my rails' maintainer hat on..
> I faced a regression where I think, activestorage (one of rails' binary),
> broke and in turn, it broke a bunch of other gems as well.
>
> Please ensure that the fix of these CVE(s) won't break other libraries
> because otherwise, it would mess up an instance.
> Of course, the tests would pass, but if you can check and ensure that
> it's not breaking other stuff, you're good to go! :)

Also, I think it originated  due to babel (I am not sure though!), but that was
the closest I got to when debugging.
If so, then I don't think anything would break.

Anyway, this was the patch that fixed the regression:
https://salsa.debian.org/ruby-team/rails/-/commit/fe3206768ed30b8eb6a83e74fc813e616d7d0db3


Best,
Utkarsh

Reply to:

Follow-Ups:
- Re: rails update
  - From: Sylvain Beucler <beuc@beuc.net>

References:
- rails update
  - From: Sylvain Beucler <beuc@beuc.net>
- Re: rails update
  - From: Salvatore Bonaccorso <carnil@debian.org>
- Re: rails update
  - From: Utkarsh Gupta <utkarsh@debian.org>

Prev by Date: Re: rails update
Next by Date: Re: rails update
Previous by thread: Re: rails update
Next by thread: Re: rails update
Index(es):
- Date
- Thread