Re: Regression in stretch update of ruby-activerecord 2:5.2.2.1+dfsg-1+deb10u4

To: Utkarsh Gupta <guptautkarsh2102@gmail.com>
Cc: Debian LTS <debian-lts@lists.debian.org>, admins@kali.org
Subject: Re: Regression in stretch update of ruby-activerecord 2:5.2.2.1+dfsg-1+deb10u4
From: Abhijith PA <abhijith@debian.org>
Date: Tue, 13 Sep 2022 23:30:19 +0530
Message-id: <[🔎] YyDFM39SkJ3oLmeP@debian.org>
In-reply-to: <[🔎] CAPP0f94inoY9XxtLcEo0-=ePsaEW=nzDxb5WZpM=yKN95uboZg@mail.gmail.com>
References: <[🔎] YxhgCcBlYpjA1YbL@t14-buxy.home.ouaza.com> <[🔎] YxsyrR7yidBrnVlP@disroot.org> <[🔎] CAPP0f97Wq8bie76Nd8Ywcn0tKUyE4uG5AHsfxQ8AFX4gi_8iKw@mail.gmail.com> <[🔎] YxzQ3GStcLvdmmk6@debian.org> <[🔎] CAPP0f94inoY9XxtLcEo0-=ePsaEW=nzDxb5WZpM=yKN95uboZg@mail.gmail.com>

Hey,

On 12/09/22 04:08 PM, Utkarsh Gupta wrote:
> Hi Abhijith,
> 
> On Sat, Sep 10, 2022 at 11:31 PM Abhijith PA <abhijith@disroot.org> wrote:
> > > Please don't upload yet. We either upload what I have or just rollback
> > > the fix for CVE-2022-32224. Wait for the further decision or let me
> > > handle that - whatever works for you. :D
> >
> > Should I rollback CVE-2022-32224 for now. And once we test your patch
> > and upstream's on branch 5.2.x (if they produce), we can upload then.
> 
> Yes, that'd make sense. I'll start a separate thread for
> CVE-2022-32224. Roll back for now so there's no regression at least.

I've disabled patch for CVE-2022-32224. Also tested against redmine. 
Looks good for me. Can you give a smoke test. I will upload to 
archive.

https://people.debian.org/~abhijith/upload/fix_rails/


--abhijith

Reply to:

Follow-Ups:
- Re: Regression in stretch update of ruby-activerecord 2:5.2.2.1+dfsg-1+deb10u4
  - From: Raphael Hertzog <hertzog@debian.org>

References:
- Regression in stretch update of ruby-activerecord 2:5.2.2.1+dfsg-1+deb10u4
  - From: Raphael Hertzog <raphael@offensive-security.com>
- Re: Regression in stretch update of ruby-activerecord 2:5.2.2.1+dfsg-1+deb10u4
  - From: Abhijith PA <abhijith@disroot.org>
- Re: Regression in stretch update of ruby-activerecord 2:5.2.2.1+dfsg-1+deb10u4
  - From: Utkarsh Gupta <guptautkarsh2102@gmail.com>
- Re: Regression in stretch update of ruby-activerecord 2:5.2.2.1+dfsg-1+deb10u4
  - From: Abhijith PA <abhijith@disroot.org>
- Re: Regression in stretch update of ruby-activerecord 2:5.2.2.1+dfsg-1+deb10u4
  - From: Utkarsh Gupta <guptautkarsh2102@gmail.com>

Prev by Date: Re: Bug#961654: buster-pu: package bzip2/1.0.6-9.2~deb10u1
Next by Date: Re: Proposal: Rebuilding 4.19 from Upstream LTS kernel
Previous by thread: Re: Regression in stretch update of ruby-activerecord 2:5.2.2.1+dfsg-1+deb10u4
Next by thread: Re: Regression in stretch update of ruby-activerecord 2:5.2.2.1+dfsg-1+deb10u4
Index(es):
- Date
- Thread