Resending to correct redmine address, please use this email of fix the address in the previous email to [email protected]
O. On Mon, Sep 5, 2011 at 17:05, Ondřej Surý <[email protected]> wrote: > Hmm, > > you're right the reassignment was wrong. I missed that when I was reassigning > the bugs to new packages. > > I thought I already sent that to redmine maintainer and the result was that > it's > the redmine which needs the update. > > On Thu, Jun 9, 2011 at 11:10, Jérémy Lal <[email protected]> wrote: >> On 09/06/2011 10:18, Ondřej Surý wrote: >>> Hi Jérémy, >>> >>> since my ruby is not very good, the question is if we want to release >>> update for redmine or is there a simple way how to fix the API inside >>> the rails? >> >> the bug report might be misleading : html_safe may have been unavailable >> even before the security update. I remember i had an issue with this at some >> point. >> I noticed 2.3.5-1.2+squeeze0.1 is not in the git repository, could you fix >> that ? >> >> Jérémy. > > and from previous rails maintainer: > > On Sat, Jun 11, 2011 at 04:01, Adam Majer <[email protected]> wrote: >> On Wed, Jun 08, 2011 at 05:02:52PM +0200, Scharon, Daniel wrote: >>> This bug is caused by a regression within rails, which was introduced in >>> the upgrade from 2.3.5-1.2 to 2.3.5-1.2+squeeze0.1 >>> >>> See #629067 for the bug report on rails, which is containing a >>> workaround. >> >> I think the proper fix is to remove reference to nonexistent html_safe >> method which doesn't exist in 2.3.5 rails. OpenSUSE has correct fix. >> >> - Adam > > Adam, could you please elaborate on this? Do you mean the correct fix for > rails > or for redmine? > > O. > > On Mon, Sep 5, 2011 at 16:34, Faidon Liambotis <[email protected]> wrote: >> reassign 629067 libactionpack-ruby >> found 629067 rails/2.3.5-1.2+squeeze0.1 >> severity 629067 grave >> thanks >> >> On Fri, Jun 03, 2011 at 12:26:27PM +0200, Vincent-Xavier JUMEL wrote: >>> Package: libactionpack-ruby >>> Version: 2.3.5-1.2+squeeze0.1 >>> Severity: normal >>> >>> libactionpack update breaks redmine user view if hide_mail is not enabled. >>> Redmine renderer fails on an inexistant html_safe method >>> >>> Workaround : change user preference to hidden mail >>> psql> update user_preference set hide_mail = 't' where hide_mail = 'f' ; >> >> This was reassigned to ruby-actionpack-2.3 (present only in wheezy+) but >> it's not really obvious why — no explanative mail was sent to the BTS >> and the bug report remains unanswered. >> >> If it affects another package in wheezy, then it should probably be >> cloned/reassigned instead. >> >> I'm reassigning it back and changing this severity: this was a security >> update that broke an unrelated package (redmine) *in stable*. This is >> /not/ acceptable according to the security team's guidelines. >> >> You could say that either the fix should be adapted or that the call >> sites (redmine) should be fixed. I'd vote for the first, though, since >> we can't really know what else has been broken by this change (in the >> archive, let alone user-installed applications...) >> >> In any case, I'm adding redmine maintainers & the security team to the >> Cc in case they have something useful to add. >> >> Regards, >> Faidon >> > > > > -- > Ondřej Surý <[email protected]> > http://blog.rfc1925.org/ > -- Ondřej Surý <[email protected]> http://blog.rfc1925.org/ _______________________________________________ Pkg-ruby-extras-maintainers mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
