Bug#882724: stretch-pu: package ruby-ox/2.1.1-2+b6

To: Cédric Boutillier <boutil@debian.org>, 882724@bugs.debian.org
Subject: Bug#882724: stretch-pu: package ruby-ox/2.1.1-2+b6
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sun, 26 Nov 2017 13:49:45 +0000
Message-id: <[🔎] 1511704185.2600.25.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 882724@bugs.debian.org
In-reply-to: <[🔎] 151165617660.26449.15396416969854109932.reportbug@esfahan>
References: <[🔎] 151165617660.26449.15396416969854109932.reportbug@esfahan> <[🔎] 151165617660.26449.15396416969854109932.reportbug@esfahan>

Control: tags -1 + confirmed

On Sun, 2017-11-26 at 01:29 +0100, Cédric Boutillier wrote:
> this update fixes bug #881445 [CVE-2017-15928]
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881445
> by cherrypicking a patch from upstream, to crash of the ruby
> interpreter on a parse error.
> 
> Debdiff attached.

Please go ahead.

> As jessie and stretch have the same version of this package, I am
> willing to upload the same fix to jessie (same diff except the
> version number with deb8 instead of deb9). Should I submit an
> independent bug report for the jessie proposed update ?

Yes, please.

Assuming the diff is otherwise identical, please feel free to upload
the jessie package without waiting for an additional ACK.

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#882724: stretch-pu: package ruby-ox/2.1.1-2+b6
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

References:
- Bug#882724: stretch-pu: package ruby-ox/2.1.1-2+b6
  - From: Cédric Boutillier <boutil@debian.org>

Prev by Date: Bug#882714: stretch-pu: package ruby-pygments.rb/0.6.3-2
Next by Date: Processed: Re: Bug#882724: stretch-pu: package ruby-ox/2.1.1-2+b6
Previous by thread: Bug#882724: stretch-pu: package ruby-ox/2.1.1-2+b6
Next by thread: Bug#882724: stretch-pu: package ruby-ox/2.1.1-2+b6
Index(es):
- Date
- Thread