Bug#996026: bullseye-pu: package ruby-httpclient/2.8.3-3+deb11u1
Control: tags -1 + confirmed
On Sun, 2021-10-10 at 09:40 -0300, Antonio Terceiro wrote:
> ruby-httpclient uses a vendored copy of a CA certificate bundle, and
> that is a ticking time bomb. This update fixes that by removing that
> vendored copy and making it use the system CA certificate bundle by
> default.
>
> [ Impact ]
> The main package affected by this is apt-listbugs, which stopped
> being
> able to download bug data information from bugs.debian.org due to the
> recent expiration of the old Let's Encrypt root certificate.
>
Please go ahead, thanks.
Regards,
Adam
Reply to: