Re: Ruby security updates

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Ruby security updates

From:	Thompson, David
Subject:	Re: Ruby security updates
Date:	Fri, 8 Jan 2016 19:15:53 -0500

On Fri, Jan 8, 2016 at 6:48 PM, Mark H Weaver <address@hidden> wrote:
> Some of our ruby versions may need security updates.
>
>   https://bugzilla.redhat.com/show_bug.cgi?id=1248935
>
> Can someone who cares about ruby please investigate?

This particular issue is definitely fixed in Ruby 2.2.4 or later,
which we upgraded very recently in response to this.

Now, I suspect Pjotr will find issue with this, but I think we really
should drop the Ruby 1.8.7 package because it is end-of-life and will
*not* receive bug fixes or security updates.

Thoughts?

- Dave

[Prev in Thread]

Current Thread

[Next in Thread]

Ruby security updates, Mark H Weaver, 2016/01/08
- Re: Ruby security updates, Thompson, David <=
  - Re: Ruby security updates, Pjotr Prins, 2016/01/08
    - Re: Ruby security updates, Mark H Weaver, 2016/01/09
  - Re: Ruby security updates, Ben Woodcroft, 2016/01/09
    - Re: Ruby security updates, Pjotr Prins, 2016/01/09
    - Re: Ruby security updates, Andreas Enge, 2016/01/09

Prev by Date: Ruby security updates
Next by Date: Re: Ruby security updates
Previous by thread: Ruby security updates
Next by thread: Re: Ruby security updates
Index(es):
- Date
- Thread