Am Mittwoch, dem 07.06.2023 um 15:28 +0200 schrieb Bernhard Schmidt:
Hi Utkarsh,
> > > Yep, I'm taking a look to prep something for 2.5.
> >
> > I've prepared a fix for the regression and uploaded the binaries
> > at:
> > https://people.debian.org/~utkarsh/lts/ruby2.5/
> >
> > Can you please
Hi,
It is now the third day in a row that we have to manually patch broken servers
because of this update.
I confirm that the u6 version works also for that 20+ servers I already had to
patch and would appreciate not to have to test it on a lot more.
Can you please tell us when do you plan to
Hi Utkarsh,
I've actually managed to prepare a final update that I'm ready to
upload - this has quite some fixes plus 2 new CVE fixes. Would you
please test the new resulting binaries and make sure they look sane
enough? :)
The binaries can be found at
No, please go ahead and do both: my availability is spotty for the next 18
hours. :)
(on mobile)
Utkarsh Gupta wrote:
> Hi Chris,
>
> On Wed, Jun 7, 2023 at 9:01 PM Chris Lamb wrote:
>> I see your 2.5.5-3+deb10u6 update on the debian/buster branch which
>> fixes the broken +deb10u5 upload,
Hi Bernhard, Kees,
On Wed, Jun 7, 2023 at 6:58 PM Schmidt, Bernhard
wrote:
> > I've prepared a fix for the regression and uploaded the binaries at:
> > https://people.debian.org/~utkarsh/lts/ruby2.5/
> >
> > Can you please give these a try and see if that fixes the regression
> > you're seeing?
Hi Chris,
On Wed, Jun 7, 2023 at 9:01 PM Chris Lamb wrote:
> I see your 2.5.5-3+deb10u6 update on the debian/buster branch which
> fixes the broken +deb10u5 upload, but I don't see it in the archive
> yet.
>
> Although you mentioned you were going to wait a bit more, I'm just
> 100%-checking you
On Wed, 7 Jun 2023 18:47:02 +0530 Utkarsh Gupta
wrote:> I've prepared a fix for the
regression and uploaded the binaries at:
https://people.debian.org/~utkarsh/lts/ruby2.5/
Can you please give these a try and see if that fixes the regression
you're seeing?
These packages also fix the Puppet
Utkarsh,
> I had missed your comment in the bug but super, many thanks for
> testing this out! I'll wait a bit more before I roll this out.
I see your 2.5.5-3+deb10u6 update on the debian/buster branch which
fixes the broken +deb10u5 upload, but I don't see it in the archive
yet.
Although you
Am Mittwoch, dem 07.06.2023 um 18:47 +0530 schrieb Utkarsh Gupta:
Hi,
> > Yep, I'm taking a look to prep something for 2.5.
>
> I've prepared a fix for the regression and uploaded the binaries at:
> https://people.debian.org/~utkarsh/lts/ruby2.5/
>
> Can you please give these a try and see if
Hi Kees,
On Wed, Jun 7, 2023 at 6:53 PM Kees Meijs | Nefos wrote:
> I know you were asking Bernhard, but I downloaded and installed as well.
> Our Puppet agent seems to be happy again.
I had missed your comment in the bug but super, many thanks for
testing this out! I'll wait a bit more before
Hi Utkarsh,
Many thanks from our end.
I know you were asking Bernhard, but I downloaded and installed as well.
Our Puppet agent seems to be happy again.
Cheers,
Kees
On 07-06-2023 15:17, Utkarsh Gupta wrote:
I've prepared a fix for the regression and uploaded the binaries at:
Hi Bernhard,
On Wed, Jun 7, 2023 at 4:16 PM Utkarsh Gupta wrote:
> Yep, I'm taking a look to prep something for 2.5.
I've prepared a fix for the regression and uploaded the binaries at:
https://people.debian.org/~utkarsh/lts/ruby2.5/
Can you please give these a try and see if that fixes the
FWIW, in Ubuntu, we had a similar issue trying to fix this CVE in ruby2.7,
and in the end we reverted the fix:
https://launchpad.net/ubuntu/+source/ruby2.7/2.7.0-5ubuntu1.10
Lucas Kanashiro.
Em qua., 7 de jun. de 2023 07:47, Utkarsh Gupta
escreveu:
> Hiya,
>
> On Wed, Jun 7, 2023 at 2:39 PM
Hiya,
On Wed, Jun 7, 2023 at 2:39 PM Moritz Muehlenhoff wrote:
> Specifically
> https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/
> states:
>
> | For Ruby 2.7: Update to uri 0.10.0.1
> | For Ruby 3.0: Update to uri 0.10.2
> | For Ruby 3.1: Update to uri 0.11.1
> | For
Hi there,
In our stack I see the exact same issue.
Cheers,
Kees
On 07-06-2023 11:09, Moritz Muehlenhoff wrote:
It's definitely related to the fix for CVE-2023-28755, reverting that patch
unbreaks Puppet. I'd recommend to go ahead with a revert for now.
On Wed, Jun 07, 2023 at 01:43:26PM +0530, Utkarsh Gupta wrote:
> Hi Chris,
>
> On Wed, Jun 7, 2023 at 12:56 PM Salvatore Bonaccorso
> wrote:
> > Can you please have a look, as this seems to be caused by the DLA
> > issued as DLA-3447-1.
>
> This has been caused by the ruby2.5 update.
It's
Hi Chris,
On Wed, Jun 7, 2023 at 12:56 PM Salvatore Bonaccorso wrote:
> Can you please have a look, as this seems to be caused by the DLA
> issued as DLA-3447-1.
This has been caused by the ruby2.5 update. Can you please TAL? This
is perhaps because of the URI version in buster v/s URI version
Hi LTS team,
On Wed, Jun 07, 2023 at 08:44:53AM +0200, Bernhard Schmidt wrote:
> Package: libruby2.5
> Version: 2.5.5-3+deb10u5
> Severity: grave
>
> Hi,
>
> I can't quite figure out why, but the latest security upload of ruby2.5 in
> Buster breaks the ability of the puppet agent to pull files
Package: libruby2.5
Version: 2.5.5-3+deb10u5
Severity: grave
Hi,
I can't quite figure out why, but the latest security upload of ruby2.5 in
Buster breaks the ability of the puppet agent to pull files from the master
With 2.5.5-3+deb10u4:
# puppet agent --onetime --server puppet-kom.srv.lrz.de
19 matches
Mail list logo
