Hi Mathias,
so with 1.9.3.484-2ubuntu1.7 before this did not happen?
I can confirm the issue in a trusty container.
If I go back to the released version:
$ apt-get install ruby1.9.1=1.9.3.484-2ubuntu1 libruby1.9.1=1.9.3.484-2ubuntu1
things are ok again.
Although it is "only" a warning.
My gems are still listed.
Old:
# gem list
*** LOCAL GEMS ***
hello (0.0.1)
New:
# gem list
YAML safe loading is not available. Please upgrade psych to a version that
supports safe loading (>= 2.0).
*** LOCAL GEMS ***
hello (0.0.1)
ruby-psych is only available in much later releases.
This might be an issue of the latest security fixes.
Especially this might be related:
3 * SECURITY UPDATE: Deserialization untrusted data
4 - debian/patches/CVE-2018-1000074*.patch fix in
5 lib/rubygems/commands/owner_command.rb,
6 test/rubygems/test_gem_commands_owner_command.rb.
7 - CVE-2018-1000074
I'm marking as an upgrade-regression and subscribe Leo who did the fix.
** CVE added: https://cve.mitre.org/cgi-
bin/cvename.cgi?name=2018-1000074
** Tags added: regression-update
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1763414
Title:
ruby 1.9.3.484-2ubuntu1.8 throws gem warning
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ruby1.9.1/+bug/1763414/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
