Hi Cédric,

On Fri, Dec 01, 2017 at 10:44:22PM +0100, Cédric Boutillier wrote:
> Hi,
>
> I have prepared a patch for Debian bug #882034 (CVE-2017-1000248) from
> by adapting the upstream patch from
>
> https://github.com/redis-store/redis-store/pull/290
>
> (which should be applied after
> https://github.com/redis-store/redis-store/commit/bcd1c28cf10ff18b4352cdacbe04113af3fec68d,
> not present in the version 1.1.6)
>
> Please find attached the debdiff for the version in Stretch.
> It is the same as the change for 1.1.6-2 which went to unstable (without
> the additional packaging change).
>
> As jessie has the same version, the debdiff will look the same except
> the one line in the changelog with version number and suite.
>
> Do you ack this patch, and allow me to upload to security.debian.org?

Sorry for not coming back to you earlier. Thanks a lot for fixing this in
unstable and experimental, so we have a guarantee that it's fixed in the
next stable.

For stretch: Can you fix the issue via a point release?

What do you mean by the version in jessie? AFAICT the package was not
renamed, and ruby-redis-store is not present in jessie, am I missing
something?

Regards,
Salvatore