[DRE-maint] Bug#913093: ruby-i18n: CVE-2014-10077

Chris Lamb lamby at debian.org
Fri Nov 16 16:49:21 GMT 2018


Hi Salvatore et al.,

> Source: ruby-i18n
[…]
> CVE-2014-10077[0]:
> | Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0
> | for Ruby allows remote attackers to cause a denial of service
> | (application crash) via a call in a situation where :some_key is
> | present in keep_keys but not present in the hash.

Security team, I would be more than happy to prepare and upload a
stable security upload of this package when addressing it in jessie
LTS. Please let me know and I will come back with a debdiff.

Ruby team, I could easily upload to sid at the same time. Let me
know too. (I believe I have the requisite powers in Salsa already.)


Best wishes,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby at debian.org / chris-lamb.co.uk
       `-
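
The failure mode in the quoted CVE text, shown beside a hardened form. This is an added example, not part of the message above and not the i18n gem's own code: the helper names, the assumption that the pre-fix helper fetched each requested key strictly, and the sample options hash are all constructed for illustration.

```ruby
# Added illustration; helper names are hypothetical, not the i18n gem's code.

# Assumed pre-fix behaviour: every requested key is fetched strictly, so a key
# listed in keep_keys but missing from the hash raises KeyError.
def strict_slice(hash, *keep_keys)
  keep_keys.each_with_object({}) { |key, out| out[key] = hash.fetch(key) }
end

# Hardened form: copy only keys that are actually present. key? is used rather
# than a nil check so that keys holding nil are still preserved.
def tolerant_slice(hash, *keep_keys)
  keep_keys.each_with_object({}) do |key, out|
    out[key] = hash[key] if hash.key?(key)
  end
end

# Returns :crashed when the slice raises KeyError, otherwise the sliced hash.
def outcome(slicer, hash, *keep_keys)
  send(slicer, hash, *keep_keys)
rescue KeyError
  :crashed
end

# Constructed sample input: an options hash that lacks :some_key.
OPTIONS = { locale: :en, scope: :errors, nil_value: nil }.freeze

if __FILE__ == $PROGRAM_NAME
  p outcome(:strict_slice, OPTIONS, :locale, :some_key)
  p outcome(:tolerant_slice, OPTIONS, :locale, :some_key)
  p outcome(:tolerant_slice, OPTIONS, :nil_value)
end
```

An unhandled KeyError of this kind in a request path is what turns the missing key into the application crash the CVE describes.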


