Hi, I have uploaded test packages of ruby1.9.1 to my personal repo:
deb https://people.debian.org/~santiago/debian santiago-wheezy-security/
deb-src https://people.debian.org/~santiago/debian santiago-wheezy-security/
It would be great to have feedback from it, especially because:
This package includes fixes to WEBrick-related CVEs (CVE-2017-17742 and
CVE-2018-8777). Upstream considers that one the of revision changes, r62965
in [1], could break apps during authentication, if apps "want to do
something with the body besides calculating the MD5 digest of it."
[1] https://github.com/ruby/ruby/commit/a45622669bb1ff18d3ee9b411128acd839c4263e
To install the packages from the repository you will need to:
apt-get install apt-transport-https
and import my key used to sign the package:
wget -qO -
https://people.debian.org/~santiago/0x4BC80A69432387E8-santiago.key \
| sudo apt-key add -
Cheers,
-- Santiago
signature.asc
Description: PGP signature
