Hi ruby-rest-client maintainer(s) and Debian LTS team

This is my second contribution to Debian LTS and this time I need some advice. This fix requires a dependency on ruby-http-cookie which is not in wheezy.

I have prepared an update of the ruby-rest-client package to correct the problem described in https://security-tracker.debian.org/tracker/CVE-2015-1820 (I have not fixed CVE-2015-3448 as it was marked as "no DSA" in the security tracker).

The change was simple as the fix was in jessie 1.6.7-6 with a prepared patch. So I have simply copied the patch file and series file to the debian/patch directory, changed the changelog and control file and rebuilt.

The prepared package is here:
http://apt.inguza.net/wheezy-security/ruby-rest-client

The debdiff is here:
http://apt.inguza.net/wheezy-security/ruby-rest-client/debdiff-against-previous-version-in-wheezy.patch

I see two options:
1) I upload this fix above and we introduce the ruby-http-cookie (its dependencies are already there, I have tested with the jessie version of ruby-http-cookie on wheezy, so it is just to add this package too)
2) We tell that the fix is not important enough.

I do not see the point in trying to change the correction in some other way for wheezy.

Thanks in advance.

Best regards,

// Ola

--
Inguza Technology AB, MSc in Information Technology
[email protected]
[email protected]
Folkebogatan 26, 654 68 KARLSTAD
http://inguza.com/
Mobile: +46 (0)70-332 1551
gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9
