[DRE-maint] Bug#882034: ruby-redis-store for jessie and stretch (#882034 CVE-2017-1000248). Proposed patch

Salvatore Bonaccorso carnil at debian.org
Fri Dec 8 08:31:47 UTC 2017


Hi Cédric,

On Fri, Dec 01, 2017 at 10:44:22PM +0100, Cédric Boutillier wrote:
> Hi,
> 
> I have prepared a patch for Debian bug #882034 (CVE-2017-1000248)
> by adapting the upstream patch from
> 
> https://github.com/redis-store/redis-store/pull/290
> 
> (which should be applied after
> https://github.com/redis-store/redis-store/commit/bcd1c28cf10ff18b4352cdacbe04113af3fec68d,
> not present in the version 1.1.6)
> 
> Please find attached the debdiff for the version in Stretch.
> It is the same as the change for 1.1.6-2 which went to unstable (without
> the additional packaging change).
> 
> As jessie has the same version, the debdiff will look the same except
> the one line in the changelog with version number and suite.
> 
> Do you ack this patch, and allow me to upload to security.debian.org?

Sorry for not coming back to you earlier.

Thanks a lot for fixing this in unstable and experimental, so we have
a guarantee that it's fixed in the next stable. For stretch: Can you fix the
issue via a point release?

What do you mean by the version in jessie? AFAICT the package was not
renamed, and ruby-redis-store is not present in jessie. Am I missing
something?

Regards,
Salvatore


