[DRE-maint] Bug#705533: redmine: html escape? problem in the administration/settings dialog, projects and repositories tab
Wim Bertels
wim.bertels at khleuven.be
Wed Apr 17 18:30:58 UTC 2013
> check:
> a downgrade of the following packages to squeeze7 (stable has squeeze8)
> fixed the problem:
> libactionmailer-ruby1.8_2.3.5-1.2+squeeze7_all.deb
..
> libactivesupport-ruby_2.3.5-1.2+squeeze7_all.deb
>
> So indeed the problem persists in the upgrade to latest stable packages.
>
> So if if u need a quick patch:
> # get files
> $ wget -r -l1 --no-parent -A.deb
> http://snapshot.debian.org/archive/debian-security/20130212T211154Z/pool/updates/main/r/rails/
> # then cd to dir where deb files just downloaded are
> # install files
> $ ls *squeeze7* | xargs dpkg -i
> # logout of redmine
> # restart apache
> # everything should be fine now, security?
after checking the differences between squeeze7 and 8:
"unfortunately" the security update
http://www.debian.org/security/2013/dsa-2655
fixes a lot a problems,
downgrading to squeeze7 is not safe.
other suggestions for a better solution?
mvg,
Wim
>
More information about the Pkg-ruby-extras-maintainers
mailing list