[DRE-maint] Debian LTS Security update of ruby-activerecord-3.2

Ola Lundqvist opal at debian.org
Thu May 26 21:27:42 UTC 2016


Hi ruby-activerecord-3.2 maintainer(s) and Debian LTS team

This is my third package contribution to Debian LTS. I'm doing this as a
training exercise and this is why the maintainer has not been asked to do
this for me.

I have prepared an update of the ruby-activerecord-3.2 package with a fix
for
https://security-tracker.debian.org/tracker/CVE-2015-7577

What I have done is to take the CVE-2015-7577.patch file from the rails
2:4.1.8-1+deb8u2 package in jessie.
Two out of three chunks applied cleanly and the third one was simple to
copy-paste into place.

I have also written a very simple test application from an example. It does
not test the specific security problem but at least shows that there is no
obvious regression problem. If you know of an easy way to do more extended
testing of this update then please let me know (or run it yourself and let
me know the results). As the source is so similar between the rails package
and this one, I trust that the extra test introduced in rails will cover the
specific problem even though I have not run it specifically (it is part of
the whole rails suite and not trivial to extract parts of it).

You can find the debdiff here:
http://apt.inguza.net/wheezy-security/ruby-activerecord-3.2/CVE-2015-7577-deb7u2.debdiff

Updated package for test is available here:
http://apt.inguza.net/wheezy-security/ruby-activerecord-3.2

If I do not hear any objections in four days I'll upload this package to
wheezy security.

Thanks in advance.

Best regards,

// Ola


-- 
 --------------------- Ola Lundqvist ---------------------------
/  opal at debian.org                     Folkebogatan 26          \
|  ola at inguza.com                      654 68 KARLSTAD          |
|  http://inguza.com/                  +46 (0)70-332 1551       |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---------------------------------------------------------------