Control: tags -1 + confirmed On Sun, 2017-11-26 at 01:29 +0100, Cédric Boutillier wrote: > this update fixes bug #881445 [CVE-2017-15928] > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881445 > by cherrypicking a patch from upstream, to crash of the ruby > interpreter on a parse error. > > Debdiff attached.
Please go ahead. > As jessie and stretch have the same version of this package, I am > willing to upload the same fix to jessie (same diff except the > version number with deb8 instead of deb9). Should I submit an > independent bug report for the jessie proposed update ? Yes, please. Assuming the diff is otherwise identical, please feel free to upload the jessie package without waiting for an additional ACK. Regards, Adam
