Bug#996024: buster-pu: package ruby-httpclient/2.8.3-3+deb10u1

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Cc: 996024@bugs.debian.org
Subject: Bug#996024: buster-pu: package ruby-httpclient/2.8.3-3+deb10u1
From: Antonio Terceiro <terceiro@debian.org>
Date: Sun, 5 Dec 2021 12:05:03 -0300
Message-id: <YazVH3689U/kPQls@debian.org>
Reply-to: Antonio Terceiro <terceiro@debian.org>, 996024@bugs.debian.org
In-reply-to: <[🔎] 0804bc8528e53b5ba2061be0d9857a1871275b3e.camel@adam-barratt.org.uk>
References: <YWLjYOreW2vesiGG@debian.org> <[🔎] 0804bc8528e53b5ba2061be0d9857a1871275b3e.camel@adam-barratt.org.uk> <YWLjYOreW2vesiGG@debian.org>

On Sat, Dec 04, 2021 at 05:31:52PM +0000, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Sun, 2021-10-10 at 09:58 -0300, Antonio Terceiro wrote:
> > ruby-httpclient uses a vendored copy of a CA certificate bundle, and
> > that is a ticking time bomb. This update fixes that by removing that
> > vendored copy and making it use the system CA certificate bundle by
> > default.
> > 
> > [ Impact ]
> > The main package affected by this is apt-listbugs, which stopped
> > being
> > able to download bug data information from bugs.debian.org due to the
> > recent expiration of the old Let's Encrypt root certificate.
> > 
> 
> Please go ahead, thanks.

Uploaded.

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- Bug#996024: buster-pu: package ruby-httpclient/2.8.3-3+deb10u1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Re: chromium: Update to version 94.0.4606.61 (security-fixes)
Next by Date: Bug#996026: bullseye-pu: package ruby-httpclient/2.8.3-3+deb11u1
Previous by thread: Processed: Re: Bug#996024: buster-pu: package ruby-httpclient/2.8.3-3+deb10u1
Next by thread: Bug#996624: buster-pu: package node-getobject/0.1.0-2+deb10u1
Index(es):
- Date
- Thread