* Moritz Mühlenhoff <j...@inutil.org> [170528 13:07]: > On Thu, Jan 05, 2017 at 08:08:14PM +0100, Salvatore Bonaccorso wrote: > > Hi Christian, > > > > On Wed, Nov 16, 2016 at 02:48:03AM +0100, Christian Hofstaedtler wrote: > > > Hi, > > > > > > * Salvatore Bonaccorso <car...@debian.org> [161116 01:46]: > > > > Source: ruby2.3 > > > > [...] > > > > [0] https://security-tracker.debian.org/tracker/CVE-2016-7798 > > > > [1] https://github.com/ruby/openssl/issues/49 > > > > [2] > > > > https://github.com/ruby/openssl/commit/8108e0a6db133f3375608303fdd2083eb5115062 > > > > > > I'm attaching a potential patch against ruby2.3 2.3.2. Any review > > > would be most welcome. > > > > The patch looks sane to me. Do you have any chance to let it review > > from upstream for the 2.3 version? Antonio? > > What's the status?
So, the upstream review did not happen because at least I don't have any useful contacts for that, and it appears upstream did not bother to fix this in 2.3. Realistically I'll not have time to work on this over the long weekend... if someone else can do another review pass and maybe upload the patch, that would be very welcome. Best, -ch
