Re: Debian LTS Security update of ruby-activerecord-3.2

[Ola Lundqvist <opal@debian.org>]

Hi Guido

Yes that is true. I have not solved that problem. I focused on only one of the issues as I had to look into two packages to solve the one you refer to. Great that you will have a look at that one.

I'll upload ruby-activerecord-3.2 shortly (read today) and it will look like the one I had in the directory above. But I guess it is better to base it on the one I upload just in case.

Cheers

// Ola

On Mon, May 30, 2016 at 8:08 PM, Guido Günther <agx@sigxcpu.org> wrote:

Hi Ola,
On Thu, May 26, 2016 at 11:27:42PM +0200, Ola Lundqvist wrote:
> Hi ruby-activerecord-3.2 maintainer(s) and Debian LTS team
>
> This is my third package contribution to Debian LTS. I'm doing this as a
> training exercise and this is why the maintainer have not been asked to
> this for me.
>
> I have prepared an update of the ruby-activerecord-3.2 package with a fix
> for
> https://security-tracker.debian.org/tracker/CVE-2015-7577

While looking into CVE-2016-0753 of ruby-activemodel-3.2 I noticed that
ruby-activerecord-3.2 is affected as well and not fixed with your
proposed debdiff. I'm just looking into this atm and don't want to
duplicate efforts.

Cheers,
 -- Guido

--

 --------------------- Ola Lundqvist ---------------------------

/  opal@debian.org                     Folkebogatan 26          \

|  ola@inguza.com                      654 68 KARLSTAD          |

|  http://inguza.com/                  +46 (0)70-332 1551       |

\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /

 ---------------------------------------------------------------