[DRE-maint] Bug#629067: libactionpack-ruby: libactionpack update breaks redmine
Faidon Liambotis
paravoid at debian.org
Mon Sep 5 14:34:51 UTC 2011
reassign 629067 libactionpack-ruby
found 629067 rails/2.3.5-1.2+squeeze0.1
severity 629067 grave
thanks
On Fri, Jun 03, 2011 at 12:26:27PM +0200, Vincent-Xavier JUMEL wrote:
> Package: libactionpack-ruby
> Version: 2.3.5-1.2+squeeze0.1
> Severity: normal
>
> libactionpack update breaks redmine user view if hide_mail is not enabled.
> Redmine renderer fails on an inexistant html_safe method
>
> Workaround : change user preference to hidden mail
> psql> update user_preference set hide_mail = 't' where hide_mail = 'f' ;
This was reassigned to ruby-actionpack-2.3 (present only in wheezy+) but
it's not really obvious why — no explanative mail was sent to the BTS
and the bug report remains unanswered.
If it affects another package in wheezy, then it should probably be
cloned/reassigned instead.
I'm reassigning it back and changing this severity: this was a security
update that broke an unrelated package (redmine) *in stable*. This is
/not/ acceptable according to the security team's guidelines.
You could say that either the fix should be adapted or that the call
sites (redmine) should be fixed. I'd vote for the first, though, since
we can't really know what else has been broken by this change (in the
archive, let alone user-installed applications...)
In any case, I'm adding redmine maintainers & the security team to the
Cc in case they have something useful to add.
Regards,
Faidon
More information about the Pkg-ruby-extras-maintainers
mailing list