Hi ruby-activerecord-3.2 maintainer(s) and Debian LTS team

This is my third package contribution to Debian LTS. I'm doing this as a training exercise and this is why the maintainer has not been asked to do this for me.
I have prepared an update of the ruby-activerecord-3.2 package with a fix for
https://security-tracker.debian.org/tracker/CVE-2015-7577

What I have done is to take the CVE-2015-7577.patch file from the rails 2:4.1.8-1+deb8u2 package in jessie. Two out of three chunks applied cleanly and the third one was simple to copy-paste in place.

I have also written a very simple test application from an example. It does not test the specific security problem but at least shows that there is no obvious regression problem. If you know of an easy way to do more extended testing of this update then please let me know (or run it yourself and let me know the results).

As the source is so similar between the rails package and this I trust that the extra test introduced in rails will cover the specific problem even though I have not run it specifically (it is part of the whole rails suite and not trivial to extract parts of it).

You can find the debdiff here:
http://apt.inguza.net/wheezy-security/ruby-activerecord-3.2/CVE-2015-7577-deb7u2.debdiff

Updated package for test is available here:
http://apt.inguza.net/wheezy-security/ruby-activerecord-3.2

If I do not hear any objections in four days I'll upload this package to wheezy security.

Thanks in advance.

Best regards,

// Ola

--
 --------------------- Ola Lundqvist ---------------------------
/  o...@debian.org                     Folkebogatan 26          \
|  o...@inguza.com                     654 68 KARLSTAD          |
|  http://inguza.com/                  +46 (0)70-332 1551       |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------