Your message dated Mon, 3 Aug 2020 20:13:23 +0530 with message-id <capp0f96um1azk2okoqrafczsmsggsiti_sbznlccatrx_m+...@mail.gmail.com> and subject line Re: ruby-rails update destroy redmine issue number linking has caused the Debian Bug report #964432, regarding ruby-rails update destroy redmine issue number linking to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 964432: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964432 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: ruby-rails Version: 2:4.1.8-1+deb8u7 Severity: important Tags: upstream Dear Maintainer, *** Reporter, please consider answering these questions, where appropriate *** * What led up to the situation? * What exactly did you do (or not do) that was effective (or ineffective)? * What was the outcome of this action? * What outcome did you expect instead? *** End of the template - remove these template lines *** -- System Information: Debian Release: 8.11 APT prefers oldoldstable APT policy: (500, 'oldoldstable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-11-amd64 (SMP w/16 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages ruby-rails depends on: ii bundler 1.7.4-1 ii ruby-actionmailer 2:4.1.8-1+deb8u7 ii ruby-actionpack 2:4.1.8-1+deb8u7 ii ruby-actionview 2:4.1.8-1+deb8u7 ii ruby-activemodel 2:4.1.8-1+deb8u7 ii ruby-activerecord 2:4.1.8-1+deb8u7 ii ruby-activesupport 2:4.1.8-1+deb8u7 ii ruby-railties 2:4.1.8-1+deb8u7 ii ruby-sprockets-rails 2.1.3-1 ii ruby-treetop 1.4.15-1 Versions of packages ruby-rails recommends: ii ruby-coffee-rails 4.0.1-1 ii ruby-jbuilder 2.1.3-1 ii ruby-jquery-rails 3.1.2-2 ii ruby-sass-rails 4.0.3-2 ii ruby-sdoc 0.4.1-1 ii ruby-spring 1.1.3-1 ii ruby-sqlite3 1.3.9-2+b2 ii ruby-turbolinks 2.2.2-1 ii ruby-uglifier 2.5.3-1 ruby-rails suggests no packages. -- no debconf information I updated the ruby-rails packages last week. Since then i can use the also installed redmine (3.0~20140825-8~deb8u4) no longer link tickets together. Redmine always tells me the issues number is empty, when I will link issue with an other issue. I have check the installed version with this command apt-cache policy ruby-activesupport ruby-rails ruby-activemodel ruby-actionview ruby-railties ruby-actionmailer ruby-actionpack ruby-activerecord ruby-activesupport: Installiert: 2:4.1.8-1+deb8u7 Installationskandidat: 2:4.1.8-1+deb8u7 Versionstabelle: *** 2:4.1.8-1+deb8u7 0 500 http://security.debian.org/ jessie/updates/main amd64 Packages 100 /var/lib/dpkg/status 2:4.1.8-1+deb8u4 0 500 http://ftp.tu-chemnitz.de/pub/linux/debian/debian/ jessie/main amd64 Packages ruby-rails: Installiert: 2:4.1.8-1+deb8u7 Installationskandidat: 2:4.1.8-1+deb8u7 Versionstabelle: *** 2:4.1.8-1+deb8u7 0 500 http://security.debian.org/ jessie/updates/main amd64 Packages 100 /var/lib/dpkg/status 2:4.1.8-1+deb8u4 0 500 http://ftp.tu-chemnitz.de/pub/linux/debian/debian/ jessie/main amd64 Packages ruby-activemodel: Installiert: 2:4.1.8-1+deb8u7 Installationskandidat: 2:4.1.8-1+deb8u7 Versionstabelle: *** 2:4.1.8-1+deb8u7 0 500 http://security.debian.org/ jessie/updates/main amd64 Packages 100 /var/lib/dpkg/status 2:4.1.8-1+deb8u4 0 500 http://ftp.tu-chemnitz.de/pub/linux/debian/debian/ jessie/main amd64 Packages ruby-actionview: Installiert: 2:4.1.8-1+deb8u7 Installationskandidat: 2:4.1.8-1+deb8u7 Versionstabelle: *** 2:4.1.8-1+deb8u7 0 500 http://security.debian.org/ jessie/updates/main amd64 Packages 100 /var/lib/dpkg/status 2:4.1.8-1+deb8u4 0 500 http://ftp.tu-chemnitz.de/pub/linux/debian/debian/ jessie/main amd64 Packages ruby-railties: Installiert: 2:4.1.8-1+deb8u7 Installationskandidat: 2:4.1.8-1+deb8u7 Versionstabelle: *** 2:4.1.8-1+deb8u7 0 500 http://security.debian.org/ jessie/updates/main amd64 Packages 100 /var/lib/dpkg/status 2:4.1.8-1+deb8u4 0 500 http://ftp.tu-chemnitz.de/pub/linux/debian/debian/ jessie/main amd64 Packages ruby-actionmailer: Installiert: 2:4.1.8-1+deb8u7 Installationskandidat: 2:4.1.8-1+deb8u7 Versionstabelle: *** 2:4.1.8-1+deb8u7 0 500 http://security.debian.org/ jessie/updates/main amd64 Packages 100 /var/lib/dpkg/status 2:4.1.8-1+deb8u4 0 500 http://ftp.tu-chemnitz.de/pub/linux/debian/debian/ jessie/main amd64 Packages ruby-actionpack: Installiert: 2:4.1.8-1+deb8u7 Installationskandidat: 2:4.1.8-1+deb8u7 Versionstabelle: *** 2:4.1.8-1+deb8u7 0 500 http://security.debian.org/ jessie/updates/main amd64 Packages 100 /var/lib/dpkg/status 2:4.1.8-1+deb8u4 0 500 http://ftp.tu-chemnitz.de/pub/linux/debian/debian/ jessie/main amd64 Packages ruby-activerecord: Installiert: 2:4.1.8-1+deb8u7 Installationskandidat: 2:4.1.8-1+deb8u7 Versionstabelle: *** 2:4.1.8-1+deb8u7 0 500 http://security.debian.org/ jessie/updates/main amd64 Packages 100 /var/lib/dpkg/status 2:4.1.8-1+deb8u4 0 500 http://ftp.tu-chemnitz.de/pub/linux/debian/debian/ jessie/main amd64 Packages And then I switched to the last version with the command apt-get install ruby-activesupport=2:4.1.8-1+deb8u4 ruby-rails=2:4.1.8-1+deb8u4 ruby-activemodel=2:4.1.8-1+deb8u4 ruby-actionview=2:4.1.8-1+deb8u4 ruby-railties=2:4.1.8-1+deb8u4 ruby-actionmailer=2:4.1.8-1+deb8u4 ruby-actionpack=2:4.1.8-1+deb8u4 ruby-activerecord=2:4.1.8-1+deb8u4 After these rollbacks, the redmine worked fine again. Unfortunately I can only reset all ruby packages, so I can't tell you which of the ruby packages has the problem. For Information, the version installed redmine apt-cache policy redmine redmine: Installiert: 3.0~20140825-8~deb8u4 Installationskandidat: 3.0~20140825-8~deb8u4 Versionstabelle: *** 3.0~20140825-8~deb8u4 0 100 /var/lib/dpkg/status Yes I know the debian version is outdated but the last ruby-rails update came (19.6.2020) 10 day before this date!
--- End Message ---
--- Begin Message ---Hi Sylvain, On Mon, Aug 3, 2020 at 6:02 PM Sylvain Beucler <[email protected]> wrote: > This version is now impacted by new security issues, such as > CVE-2020-8163, so I would recommend upgrading anyway. There is no place > to upload a new version (in particular, not in ELTS where neither rails > nor redmine are supported), and as far as I understand s.jaekel could > revert the security fixes manually, nearly a month ago. What are you > suggesting, more precisely? What I was suggesting is no more relevant, you explained it in the above paragraph itself^ :) With regard to the above conversation(s), I am closing this bug for now. Please re-open if deemed necessary. Sylvain, Thanks for your pro-active work and reply here. Much appreciated! Best, Utkarsh
--- End Message ---
_______________________________________________ Pkg-ruby-extras-maintainers mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
