Control: tags -1 + confirmed
On 2016-06-07 10:21, Petter Reinholdtsen wrote:
Control: tags -1 - confirmed
[Adam D. Barratt]
We'd generally prefer a bit more testing than "should solve the
problem", although I agree that the patch looks sane enough as someone
who knows practically nothing about Ruby...
Please go ahead.
Thank you. I agree that a bit more testing was needed, but had to
struggle a bit to find test code to verify the fix. In the process I
discovered that this fix was only fixing half the problem, and added a
patch for CVE-2015-7551 and the fiddle code as well. The new and
better
tested code is attached. The fiddle patch from upstream even had a
testsuite fragment to verify its correctness. :)
Still OK to upload? Asking again as the changes became twice as
large. :)
Judging from the seecurity tracker, CVE-2015-7551 is fixed in any Ruby
versions that exist in unstable, so please go ahead.
Regards,
Adam
