-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update to Ruby 2.1.4 for CVE-2014-8080 & CVE-2014-3566 #10
Comments
👍 |
The new version has not yet landed in the upstream debian repository which these packages are based on. That said the following patch to the debian-changes allows to build the new version: --- ruby2.1-2.1.4/debian/patches/debian-changes 2014-09-20 17:09:45.000000000 +0200
+++ ruby2.1-2.1.4/debian/patches/debian-changes 2014-10-29 11:37:13.207063818 +0100
@@ -11,12 +11,12 @@
$ ./debian/upstream-changes
---- ruby2.1-2.1.3.orig/ext/io/console/io-console.gemspec
-+++ ruby2.1-2.1.3/ext/io/console/io-console.gemspec
+--- ruby2.1-2.1.4.orig/ext/io/console/io-console.gemspec
++++ ruby2.1-2.1.4/ext/io/console/io-console.gemspec
@@ -1,11 +1,10 @@
# -*- ruby -*-
_VERSION = "0.4.2"
--date = %w$Date:: $[1]
+-date = %w$Date:: 2013-11-13 17:08:09 +0900#$[1]
Gem::Specification.new do |s|
s.name = "io-console" |
Thanks for the patch Felix - I'll get new packages built today if possible. |
I've built ruby 2.1.4 packages for trusty and precise and they're available in ruby-ng-experimental for testing now. Feedback appreciated. |
I've deployed the ng-experimental 2.1.4 builds on some precise and trusty x86_64 boxes on Thursday evening without any problems so far. |
Closing in lieu of #11 |
I'm not sure what the official process is for requesting version updates, so forgive me if this isn't the correct place.
Ruby 2.1.4 was just announced on the Ruby security mailing list. Adding a ticket to track updating the brightbox package.
The text was updated successfully, but these errors were encountered: