On Fri, Jul 10, 2020 at 11:55:37AM +0200, Sylvain Beucler wrote:
> Hi,
>
> On 10/07/2020 10:28, Moritz Mühlenhoff wrote:
> > On Wed, Jul 08, 2020 at 12:45:08PM +0200, Sylvain Beucler wrote:
> >> Hi,
> >>
> >> - buster update
> >>
> >> I now "up-ported" my stretch work at:
> >> https://www.beuc.net/tmp/debian-lts/rails-buster/
> >> + added the redis side of CVE-2020-8165
> >
> > What do you mean with up-ported? Applying a patch made for an older release
> > to a more recent release will miss all code which wasn't present in
> > the older suite.
>
> To phrase it more precisely, I went back to the upstream patches for
> 5.2, applied them and unit-tested them.
Ah, ok! I'll have a look at this over the weekend.
Cheers,
Moritz
