*** This bug is a security vulnerability *** Public security bug reported:
In version 1.8.24, RubyGems added the ability to fetch gems over HTTPS while properly verifying the server's SSL certificate. To make it work out of the box, the upstream developers included a bundle of certificate authority certs in the upstream release. That bundle made it into Debian and Ubuntu's rubygems-1.8.24-1 package, rather than the package being modified to use the ca-certificates.crt bundle provided by the ca-certificates package. This makes it more difficult to properly maintain the list of trusted CA certificates after the release of Quantal. ProblemType: Bug DistroRelease: Ubuntu 12.10 Package: rubygems (not installed) ProcVersionSignature: Ubuntu 3.5.0-15.23-generic 3.5.4 Uname: Linux 3.5.0-15-generic x86_64 ApportVersion: 2.5.2-0ubuntu4 Architecture: amd64 Date: Thu Sep 27 23:38:45 2012 EcryptfsInUse: Yes InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release amd64 (20110427.1) SourcePackage: rubygems UpgradeStatus: Upgraded to quantal on 2012-08-03 (55 days ago) ** Affects: rubygems (Ubuntu) Importance: Medium Assignee: Tyler Hicks (tyhicks) Status: In Progress ** Tags: amd64 apport-bug quantal running-unity -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1057926 Title: RubyGems should use ca-certificates for SSL verification To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rubygems/+bug/1057926/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs