Hi Antonio

Sorry for the late reply

On Mon, Oct 23, 2017 at 11:49:28AM -0200, Antonio Terceiro wrote:
> Hi security team,
>
> I have prepared a security update for ruby2.3.
>
> It includes all the pending recent CVE's, plus a fix for a bug that
> causes runaway child processes hogging the CPU, noticed at least in
> puppet.

For the latter one, not directly a security issue, strictly speaking we
would need an ack from the SRM to see they would ack it to a point
release and then we can pick it as well for a security update. The patch
though looks confined enough that I would trust it's okay as well for
SRM to see it included (Cc'ed explicitly Adam).

> The test suite still passes both during build, and under autopkgtest. I
> am running these packages on my workstation since yesterday. The patches
> are targeted enough that I don't expect any regressions.
>
> As I explained before, unfortunately the patch management for ruby2.3 is
> not optimal, so I attach both the debdiff and the individual patches
> that I applied to the git repository. The latter will make your review
> work easier.
>
> You can also inspect the git repository:
> https://anonscm.debian.org/cgit/collab-maint/ruby.git/log/?h=debian/stretch

Yes thank you. Please go ahead with the upload to security-master
(unless you in the meanwhile have found any regression caused by the
update on your workstation).

Regards,
Salvatore