Update to Ruby 2.1.4 for CVE-2014-8080 & CVE-2014-3566 #10
Comments
|
👍 |
|
The new version has not yet landed in the upstream debian repository which these packages are based on. That said the following patch to the debian-changes allows to build the new version: --- ruby2.1-2.1.4/debian/patches/debian-changes 2014-09-20 17:09:45.000000000 +0200
+++ ruby2.1-2.1.4/debian/patches/debian-changes 2014-10-29 11:37:13.207063818 +0100
@@ -11,12 +11,12 @@
$ ./debian/upstream-changes
---- ruby2.1-2.1.3.orig/ext/io/console/io-console.gemspec
-+++ ruby2.1-2.1.3/ext/io/console/io-console.gemspec
+--- ruby2.1-2.1.4.orig/ext/io/console/io-console.gemspec
++++ ruby2.1-2.1.4/ext/io/console/io-console.gemspec
@@ -1,11 +1,10 @@
# -*- ruby -*-
_VERSION = "0.4.2"
--date = %w$Date:: $[1]
+-date = %w$Date:: 2013-11-13 17:08:09 +0900#$[1]
Gem::Specification.new do |s|
s.name = "io-console" |
|
Thanks for the patch Felix - I'll get new packages built today if possible. |
|
I've built ruby 2.1.4 packages for trusty and precise and they're available in ruby-ng-experimental for testing now. Feedback appreciated. |
|
I've deployed the ng-experimental 2.1.4 builds on some precise and trusty x86_64 boxes on Thursday evening without any problems so far. |
|
Closing in lieu of #11 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'm not sure what the official process is for requesting version updates, so forgive me if this isn't the correct place.
Ruby 2.1.4 was just announced on the Ruby security mailing list. Adding a ticket to track updating the brightbox package.
The text was updated successfully, but these errors were encountered: