Re: Regression in stretch update of ruby-activerecord 2:5.2.2.1+dfsg-1+deb10u4
Hey,
On 12/09/22 04:08 PM, Utkarsh Gupta wrote:
> Hi Abhijith,
>
> On Sat, Sep 10, 2022 at 11:31 PM Abhijith PA <abhijith@disroot.org> wrote:
> > > Please don't upload yet. We either upload what I have or just rollback
> > > the fix for CVE-2022-32224. Wait for the further decision or let me
> > > handle that - whatever works for you. :D
> >
> > Should I rollback CVE-2022-32224 for now. And once we test your patch
> > and upstream's on branch 5.2.x (if they produce), we can upload then.
>
> Yes, that'd make sense. I'll start a separate thread for
> CVE-2022-32224. Roll back for now so there's no regression at least.
I've disabled patch for CVE-2022-32224. Also tested against redmine.
Looks good for me. Can you give a smoke test. I will upload to
archive.
https://people.debian.org/~abhijith/upload/fix_rails/
--abhijith
Reply to: