Bug#996026: bullseye-pu: package ruby-httpclient/2.8.3-3+deb11u1

To: Antonio Terceiro <terceiro@debian.org>, 996026@bugs.debian.org
Subject: Bug#996026: bullseye-pu: package ruby-httpclient/2.8.3-3+deb11u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Fri, 03 Dec 2021 16:39:06 +0000
Message-id: <[🔎] 3a2195e26c36684b044620abf83be64721832575.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 996026@bugs.debian.org
In-reply-to: <YWLfJ8BDA9nfpKRW@debian.org>
References: <YWLfJ8BDA9nfpKRW@debian.org> <YWLfJ8BDA9nfpKRW@debian.org>

Control: tags -1 + confirmed

On Sun, 2021-10-10 at 09:40 -0300, Antonio Terceiro wrote:
> ruby-httpclient uses a vendored copy of a CA certificate bundle, and
> that is a ticking time bomb. This update fixes that by removing that
> vendored copy and making it use the system CA certificate bundle by
> default.
> 
> [ Impact ]
> The main package affected by this is apt-listbugs, which stopped
> being
> able to download bug data information from bugs.debian.org due to the
> recent expiration of the old Let's Encrypt root certificate.
> 

Please go ahead, thanks.

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#996026: bullseye-pu: package ruby-httpclient/2.8.3-3+deb11u1
  - From: Antonio Terceiro <terceiro@debian.org>

Prev by Date: Processed: Re: Bug#997597: bullseye-pu: package chrony/4.0-8+deb11u1
Next by Date: Processed: Re: Bug#996026: bullseye-pu: package ruby-httpclient/2.8.3-3+deb11u1
Previous by thread: Processed: Re: Bug#996728: bullseye-pu: package mrtg/2.17.7-2+deb11u1
Next by thread: Processed: Re: Bug#996026: bullseye-pu: package ruby-httpclient/2.8.3-3+deb11u1
Index(es):
- Date
- Thread