No, please go ahead and do both: my availability is spotty for the next 18
hours. :)
(on mobile)
Utkarsh Gupta wrote:
> Hi Chris,
>
> On Wed, Jun 7, 2023 at 9:01 PM Chris Lamb wrote:
>> I see your 2.5.5-3+deb10u6 update on the debian/buster branch which
>> fixes the broken +deb10u5 upload,
Hi Chris,
On Wed, Jun 7, 2023 at 9:01 PM Chris Lamb wrote:
> I see your 2.5.5-3+deb10u6 update on the debian/buster branch which
> fixes the broken +deb10u5 upload, but I don't see it in the archive
> yet.
>
> Although you mentioned you were going to wait a bit more, I'm just
> 100%-checking you
Hi Bernhard, Kees,
On Wed, Jun 7, 2023 at 6:58 PM Schmidt, Bernhard
wrote:
> > I've prepared a fix for the regression and uploaded the binaries at:
> > https://people.debian.org/~utkarsh/lts/ruby2.5/
> >
> > Can you please give these a try and see if that fixes the regression
> > you're seeing?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
- -
Debian LTS Advisory DLA-3447-1debian-...@lists.debian.org
https://www.debian.org/lts/security/ Chris Lamb
June 06, 2023
Utkarsh,
> I had missed your comment in the bug but super, many thanks for
> testing this out! I'll wait a bit more before I roll this out.
I see your 2.5.5-3+deb10u6 update on the debian/buster branch which
fixes the broken +deb10u5 upload, but I don't see it in the archive
yet.
Although you
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 07 Jun 2023 09:45:33 +0200
Source: firefox-esr
Architecture: source
Version: 102.12.0esr-1~deb10u1
Distribution: buster-security
Urgency: medium
Maintainer: Maintainers of Mozilla-related packages
Changed-By: Emilio Pozuelo
Hi Utkarsh,
Many thanks from our end.
I know you were asking Bernhard, but I downloaded and installed as well.
Our Puppet agent seems to be happy again.
Cheers,
Kees
On 07-06-2023 15:17, Utkarsh Gupta wrote:
I've prepared a fix for the regression and uploaded the binaries at:
Am Mittwoch, dem 07.06.2023 um 18:47 +0530 schrieb Utkarsh Gupta:
Hi,
> > Yep, I'm taking a look to prep something for 2.5.
>
> I've prepared a fix for the regression and uploaded the binaries at:
> https://people.debian.org/~utkarsh/lts/ruby2.5/
>
> Can you please give these a try and see if
Hi Kees,
On Wed, Jun 7, 2023 at 6:53 PM Kees Meijs | Nefos wrote:
> I know you were asking Bernhard, but I downloaded and installed as well.
> Our Puppet agent seems to be happy again.
I had missed your comment in the bug but super, many thanks for
testing this out! I'll wait a bit more before
Hi Bernhard,
On Wed, Jun 7, 2023 at 4:16 PM Utkarsh Gupta wrote:
> Yep, I'm taking a look to prep something for 2.5.
I've prepared a fix for the regression and uploaded the binaries at:
https://people.debian.org/~utkarsh/lts/ruby2.5/
Can you please give these a try and see if that fixes the
FWIW, in Ubuntu, we had a similar issue trying to fix this CVE in ruby2.7,
and in the end we reverted the fix:
https://launchpad.net/ubuntu/+source/ruby2.7/2.7.0-5ubuntu1.10
Lucas Kanashiro.
Em qua., 7 de jun. de 2023 07:47, Utkarsh Gupta
escreveu:
> Hiya,
>
> On Wed, Jun 7, 2023 at 2:39 PM
Hiya,
On Wed, Jun 7, 2023 at 2:39 PM Moritz Muehlenhoff wrote:
> Specifically
> https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/
> states:
>
> | For Ruby 2.7: Update to uri 0.10.0.1
> | For Ruby 3.0: Update to uri 0.10.2
> | For Ruby 3.1: Update to uri 0.11.1
> | For
On Wed, Jun 07, 2023 at 01:43:26PM +0530, Utkarsh Gupta wrote:
> Hi Chris,
>
> On Wed, Jun 7, 2023 at 12:56 PM Salvatore Bonaccorso
> wrote:
> > Can you please have a look, as this seems to be caused by the DLA
> > issued as DLA-3447-1.
>
> This has been caused by the ruby2.5 update.
It's
Hi Chris,
On Wed, Jun 7, 2023 at 12:56 PM Salvatore Bonaccorso wrote:
> Can you please have a look, as this seems to be caused by the DLA
> issued as DLA-3447-1.
This has been caused by the ruby2.5 update. Can you please TAL? This
is perhaps because of the URI version in buster v/s URI version
Hi LTS team,
On Wed, Jun 07, 2023 at 08:44:53AM +0200, Bernhard Schmidt wrote:
> Package: libruby2.5
> Version: 2.5.5-3+deb10u5
> Severity: grave
>
> Hi,
>
> I can't quite figure out why, but the latest security upload of ruby2.5 in
> Buster breaks the ability of the puppet agent to pull files
Hi,
thanks for taking care of Debian LTS. Much appreciated!
yesterdays ruby2.5 update for Buster broke our Puppet agent fleet. Not
sure whether it has other effects.
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037178 for
details. I'm available to test fixed packages.
Best Regards,
16 matches
Mail list logo