Ubuntu
ruby2.7 package

Ruby 2.7.0-5ubuntu1.11 on focal main/security

Asked by granjerox

Hello,

On one of my production servers, a Ruby security vulnerability USN-6087-1 (https://ubuntu.com/security/notices/USN-6087-1) has been identified.

The server is running Ubuntu 20.04, and I have been instructed to upgrade Ruby and libruby from version 2.7.0-5ubuntu1.10 to 2.7.0-5ubuntu1.11. However, it appears that the updated package is not yet available in the main/sec channel and is still in the proposed state.

I'm not familiar with the release cycle of these channels. So, my questions are as follows:

- Has the release of the package in the main/sec channel been scheduled?
- Should I proceed with the installation in the proposed state? If so, how can I do it?
- Any other suggestions?

Thank you.

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu ruby2.7 Edit question
Assignee:
No assignee Edit question
Solved by:
Manfred Hampl
Solved:
Last query:
Last reply:
Revision history for this message
Best Manfred Hampl (m-hampl) said : 		#1

It seems that something went wrong during automatic testing of the change, but according to a comment that has already been fixed.

I suggest that you comment on bug Bug #2018215 and ask what's now going on with the publication of version 2.7.0-5ubuntu1.11

There is a possibility to enable updates also from the -proposed repository https://wiki.ubuntu.com/Testing/EnableProposed but in my opinion it is better to wait for the transfer to -security and -updates. My expectation is that this will happen within the coming few days.

Revision history for this message
granjerox (granjerox) said : 		#2

Thanks @Hampl for your quick response. I'll take your advice and wait till the package progress to -security/update. We still have time to resolve de sec issue.