*** This bug is a security vulnerability ***

Public security bug reported:

In version 1.8.24, RubyGems added the ability to fetch gems over HTTPS
while properly verifying the server's SSL certificate. To make it work
out of the box, the upstream developers included a bundle of certificate
authority certs in the upstream release.

That bundle made it into Debian and Ubuntu's rubygems-1.8.24-1 package,
rather than the package being modified to use the ca-certificates.crt
bundle provided by the ca-certificates package. This makes it more
difficult to properly maintain the list of trusted CA certificates after
the release of Quantal.

ProblemType: Bug
DistroRelease: Ubuntu 12.10
Package: rubygems (not installed)
ProcVersionSignature: Ubuntu 3.5.0-15.23-generic 3.5.4
Uname: Linux 3.5.0-15-generic x86_64
ApportVersion: 2.5.2-0ubuntu4
Architecture: amd64
Date: Thu Sep 27 23:38:45 2012
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release amd64 (20110427.1)
SourcePackage: rubygems
UpgradeStatus: Upgraded to quantal on 2012-08-03 (55 days ago)

** Affects: rubygems (Ubuntu)
     Importance: Medium
     Assignee: Tyler Hicks (tyhicks)
         Status: In Progress


** Tags: amd64 apport-bug quantal running-unity

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1057926

Title:
  RubyGems should use ca-certificates for SSL verification

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rubygems/+bug/1057926/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
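
An added example, not part of the original bug report or of RubyGems: a Ruby sketch of the maintenance problem described above, listing CA certificates that a bundle frozen inside a package still trusts after they are gone from the system bundle. The helper names and the self-signed CAs are constructed for illustration.

```ruby
require "openssl"
require "set"

PEM_CERT = /-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m

# Split a PEM bundle (one string) into certificate objects.
def parse_bundle(pem_text)
  pem_text.scan(PEM_CERT).map { |pem| OpenSSL::X509::Certificate.new(pem) }
end

# SHA-256 over the DER encoding identifies a certificate exactly.
def fingerprint(cert)
  OpenSSL::Digest.new("SHA256").hexdigest(cert.to_der)
end

# Subjects trusted by the package's bundled file but absent from the system
# bundle: the CAs a ca-certificates update can no longer remove.
def bundle_drift(bundled_pem, system_pem)
  system_fps = parse_bundle(system_pem).map { |c| fingerprint(c) }.to_set
  parse_bundle(bundled_pem)
    .reject { |c| system_fps.include?(fingerprint(c)) }
    .map { |c| c.subject.to_s }
end

# Constructed self-signed CA, so the example runs offline.
def make_ca(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.issuer = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
end

# Constructed scenario: the system bundle dropped one CA after release,
# while the copy frozen inside the package still carries it.
def demo_drift
  kept = make_ca("Constructed Kept CA").to_pem
  dropped = make_ca("Constructed Dropped CA").to_pem
  bundle_drift(kept + dropped, kept)
end

puts demo_drift if __FILE__ == $PROGRAM_NAME
```

On Debian and Ubuntu the system bundle is /etc/ssl/certs/ca-certificates.crt; pass its contents as system_pem and the contents of the package's bundled PEM file as bundled_pem.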