Bug#826348: jessie-pu: package ruby2.1/2.1.5-2+deb8u3

To: Petter Reinholdtsen <petter.reinholdtsen@usit.uio.no>, 826348@bugs.debian.org
Subject: Bug#826348: jessie-pu: package ruby2.1/2.1.5-2+deb8u3
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 04 Jun 2016 20:16:36 +0100
Message-id: <[🔎] 1465067796.7545.27.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 826348@bugs.debian.org
In-reply-to: <[🔎] 20160604183228.13569.94702.reportbug@diskless.uio.no>
References: <[🔎] 20160604183228.13569.94702.reportbug@diskless.uio.no>

Control: tags -1 + confirmed

On Sat, 2016-06-04 at 20:32 +0200, Petter Reinholdtsen wrote:
> On my Debian Jessie machine, a security issue from 2009 is reported by
> debsecan,
> <URL: https://security-tracker.debian.org/tracker/CVE-2009-5147 >.
> 
> The issue was fixed in Squeeze by the LTS team (DLA-299-1), but has not
> yet been fixed in Jessie.  I would like to get it fixed, to get it out
> of my debsecan list.
> 
> The attached patch is based on the squeeze patch (had to refresh it), and
> should solve the problem.

We'd generally prefer a bit more testing than "should solve the
problem", although I agree that the patch looks sane enough as someone
who knows practically nothing about Ruby...

Please go ahead.

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#826348: jessie-pu: package ruby2.1/2.1.5-2+deb8u3
  - From: Petter Reinholdtsen <pere@hungry.com>

References:
- Bug#826348: jessie-pu: package ruby2.1/2.1.5-2+deb8u3
  - From: Petter Reinholdtsen <petter.reinholdtsen@usit.uio.no>

Prev by Date: Processed: tagging 826335
Next by Date: Processed: Re: Bug#826348: jessie-pu: package ruby2.1/2.1.5-2+deb8u3
Previous by thread: Bug#826348: jessie-pu: package ruby2.1/2.1.5-2+deb8u3
Next by thread: Bug#826348: jessie-pu: package ruby2.1/2.1.5-2+deb8u3
Index(es):
- Date
- Thread