Thanks for the debdiff, but I have a few comments:
- CVE-2011-2932 does seem to affect lucid, as the insecure code seems to be present in actionpack/lib/action_view/erb/util.rb
- Please add the upstream commit that fixed each issue to debian/changelog, so we can trace where the fix came from
Also, did you successfully run the test suite after updating the package? I'm curious if this actually worked:
+ 'Mysql2Adapter' => '`',
For Maverick and Natty, we're going to need minimal debdiffs also, as Natty has an Ubuntu-specific change in it, and the Debian update contains some other changes which are not currently in Maverick.
I am unsubscribing ubuntu-security-sponsors for now; please fix the debdiff. Once that is done, please resubscribe ubuntu-security-sponsors and set the status to 'NEW'.
Thanks.