RFS: ruby-hiera / CVE-2014-3248

To: debian-ruby <debian-ruby@lists.debian.org>
Cc: Nathan Handler <nathan.handler@gmail.com>
Subject: RFS: ruby-hiera / CVE-2014-3248
From: Jonas Genannt <jonas.genannt@capi2name.de>
Date: Tue, 10 Jun 2014 21:28:12 +0200
Message-id: <[🔎] 20140610212812.3f07a440@swetlana.brachium-system.net>

Hello,

I have updated ruby-hiera to 1.3.4, this is a fix for CVE-2014-3248:

 ruby-hiera (1.3.4-1) unstable; urgency=high
 .
   * Team upload.
   * d/control:
    - removed version depend on mcollective-common, puppet-common. fits for all
      debian releases.
    - added ruby-json to depends, included json backend needs ruby-json
   * Imported Upstream version 1.3.4
     - fixes CVE-2014-3248

Could any dd please have a look? - Stable is also affected, I will prepare the stable
update and inform security team.

Thanks,
	Jonas

Reply to:

Follow-Ups:
- Re: RFS: ruby-hiera / CVE-2014-3248
  - From: Net Kgk <netkgk@gmail.com>

Prev by Date: Re: RFS: unicorn, ruby-tzinfo, ruby-gettext, ruby-kgio
Next by Date: Re: RFS: unicorn, ruby-tzinfo, ruby-gettext, ruby-kgio
Previous by thread: Re: RFS: unicorn, ruby-tzinfo, ruby-gettext, ruby-kgio
Next by thread: Re: RFS: ruby-hiera / CVE-2014-3248
Index(es):
- Date
- Thread