Re: Regression in stretch update of ruby-activerecord 2:5.2.2.1+dfsg-1+deb10u4

To: Abhijith PA <abhijith@debian.org>
Cc: Utkarsh Gupta <guptautkarsh2102@gmail.com>, Debian LTS <debian-lts@lists.debian.org>
Subject: Re: Regression in stretch update of ruby-activerecord 2:5.2.2.1+dfsg-1+deb10u4
From: Raphael Hertzog <hertzog@debian.org>
Date: Wed, 14 Sep 2022 08:39:59 +0200
Message-id: <[🔎] YyF3P9ZwuXuYWal7@t14-buxy.home.ouaza.com>
Mail-followup-to: Raphael Hertzog <hertzog@debian.org>, Abhijith PA <abhijith@debian.org>, Utkarsh Gupta <guptautkarsh2102@gmail.com>, Debian LTS <debian-lts@lists.debian.org>
In-reply-to: <[🔎] YyDFM39SkJ3oLmeP@debian.org>
References: <[🔎] YxhgCcBlYpjA1YbL@t14-buxy.home.ouaza.com> <[🔎] YxsyrR7yidBrnVlP@disroot.org> <[🔎] CAPP0f97Wq8bie76Nd8Ywcn0tKUyE4uG5AHsfxQ8AFX4gi_8iKw@mail.gmail.com> <[🔎] YxzQ3GStcLvdmmk6@debian.org> <[🔎] CAPP0f94inoY9XxtLcEo0-=ePsaEW=nzDxb5WZpM=yKN95uboZg@mail.gmail.com> <[🔎] YyDFM39SkJ3oLmeP@debian.org>

Hi,

On Tue, 13 Sep 2022, Abhijith PA wrote:
> > Yes, that'd make sense. I'll start a separate thread for
> > CVE-2022-32224. Roll back for now so there's no regression at least.
> 
> I've disabled patch for CVE-2022-32224. Also tested against redmine. 
> Looks good for me. Can you give a smoke test. I will upload to 
> archive.
> 
> https://people.debian.org/~abhijith/upload/fix_rails/

I upgrade to this package and the debci API is working. So from my point
of view, the regression is gone.

Don't forge to update security tracker so that CVE-2022-32224 is again
marked as unhandled.

Cheers,
-- 
  ⢀⣴⠾⠻⢶⣦⠀   Raphaël Hertzog <hertzog@debian.org>
  ⣾⠁⢠⠒⠀⣿⡁
  ⢿⡄⠘⠷⠚⠋    The Debian Handbook: https://debian-handbook.info/get/
  ⠈⠳⣄⠀⠀⠀⠀   Debian Long Term Support: https://deb.li/LTS

Reply to:

References:
- Regression in stretch update of ruby-activerecord 2:5.2.2.1+dfsg-1+deb10u4
  - From: Raphael Hertzog <raphael@offensive-security.com>
- Re: Regression in stretch update of ruby-activerecord 2:5.2.2.1+dfsg-1+deb10u4
  - From: Abhijith PA <abhijith@disroot.org>
- Re: Regression in stretch update of ruby-activerecord 2:5.2.2.1+dfsg-1+deb10u4
  - From: Utkarsh Gupta <guptautkarsh2102@gmail.com>
- Re: Regression in stretch update of ruby-activerecord 2:5.2.2.1+dfsg-1+deb10u4
  - From: Abhijith PA <abhijith@disroot.org>
- Re: Regression in stretch update of ruby-activerecord 2:5.2.2.1+dfsg-1+deb10u4
  - From: Utkarsh Gupta <guptautkarsh2102@gmail.com>
- Re: Regression in stretch update of ruby-activerecord 2:5.2.2.1+dfsg-1+deb10u4
  - From: Abhijith PA <abhijith@debian.org>

Prev by Date: Re: Bug#961654: buster-pu: package bzip2/1.0.6-9.2~deb10u1
Next by Date: Re: [SECURITY] [DLA 3107-1] sqlite3 security update
Previous by thread: Re: Regression in stretch update of ruby-activerecord 2:5.2.2.1+dfsg-1+deb10u4
Next by thread: my LTS activities in August 2022
Index(es):
- Date
- Thread