Your message dated Fri, 9 Jul 2021 22:04:26 +0200
with message-id <2d3c9ff6-de7a-bd08-003a-d108ad0cc492@debian.org>
and subject line Re: Bug#989037: Bug#988214: fixed in rails 2:6.0.3.7+dfsg-1
has caused the Debian Bug report #989037,
regarding unblock: rails/2:6.0.3.7+dfsg-1
to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
989037: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989037
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Cc: Pirate Praveen <praveen@onenetbeyond.org>
- Subject: unblock: rails/2:6.0.3.7+dfsg-1
- From: Utkarsh Gupta <utkarsh@debian.org>
- Date: Mon, 24 May 2021 13:55:25 +0530
- Message-id: <CAPP0f9536mwYpnJ4zTwGH1bJU=MHTPPEOpSfzoUNpDpXXitv-Q@mail.gmail.com>
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: debian-ruby@lists.debian.org

Hello,

Rails was recently affected by 3 CVEs (CVE-2021-2290{2,4} and CVE-2021-22885). I'm attaching a filtered diff for your review; the diff is really small and minimal which should be clear by looking at it.

The only caveat is that it needs ruby-marcel, which has an unblock request (#989036) opened a few minutes ago.

rails has been in unstable for around 9 days now[1]; I've done some testing and it all works OK w/ Bullseye, so it should be good to go.

[1]: https://tracker.debian.org/pkg/rails

The command used to filter the debdiff is as follows:

    filterdiff --exclude='*/Gemfile.lock' --exclude='*/CHANGELOG.md' --exclude='*/gem_version.rb' --exclude='*/package.json' --exclude='*/test/*' ../rails.debdiff

Let me know if you need any other information from my end. Thanks!

- u

Attachment: rails_filtered.debdiff
Description: Binary data
--- End Message ---
--- Begin Message ---
- To: Utkarsh Gupta <utkarsh@debian.org>, 989037-done@bugs.debian.org
- Subject: Re: Bug#989037: Bug#988214: fixed in rails 2:6.0.3.7+dfsg-1
- From: Paul Gevers <elbrus@debian.org>
- Date: Fri, 9 Jul 2021 22:04:26 +0200
- Message-id: <2d3c9ff6-de7a-bd08-003a-d108ad0cc492@debian.org>
- In-reply-to: <0af595d8-f993-bfa2-2955-e48ac8139ab9@debian.org>
- References: <CAPP0f94eDdtK8csrRBGcSvYyqS751HrG9h5uhHKwhvChhkYiuw@mail.gmail.com> <CAPP0f9536mwYpnJ4zTwGH1bJU=MHTPPEOpSfzoUNpDpXXitv-Q@mail.gmail.com> <f15df7da-eb1c-5cf1-018d-70c3eae1d60e@debian.org> <5922b193-ee50-bf68-0935-3bfb212fca7a@debian.org> <CAPP0f9536mwYpnJ4zTwGH1bJU=MHTPPEOpSfzoUNpDpXXitv-Q@mail.gmail.com> <CAPP0f95hHFnvRUE0ESa2V+kyzn_esEsV7pUEQjSGfWx-6HmiYw@mail.gmail.com> <CAPP0f9536mwYpnJ4zTwGH1bJU=MHTPPEOpSfzoUNpDpXXitv-Q@mail.gmail.com> <2c1734e7-f976-380b-f25e-9e494534ec7e@debian.org> <CAPP0f9536mwYpnJ4zTwGH1bJU=MHTPPEOpSfzoUNpDpXXitv-Q@mail.gmail.com> <0af595d8-f993-bfa2-2955-e48ac8139ab9@debian.org>
Hi,

On 18-06-2021 22:23, Paul Gevers wrote:
> On 06-06-2021 06:14, Paul Gevers wrote:
>> I am hoping it's possible to just downgrade the *dependency* in rails
>> only, such that the upload can happen via unstable. There is no "direct
>> bullseye" route. Or do you expect you'll have to make (lots) of changes
>> to rails to match the right ruby-marcel package? If that's the case,
>> then ruby-marcel/unstable isn't a drop in replacement for
>> ruby-marcel/bullseye and I'd expect that ruby-marcel/unstable would need
>> a versioned Breaks for reverse dependent packages (ruby-activestorage),
>> but I'm not seeing that.
>
> Did your experimenting (as discussed on IRC last week) yield anything?

Unblocked the latest version in unstable.

Paul

Attachment: OpenPGP_signature
Description: OpenPGP digital signature
--- End Message ---