Your message dated Tue, 12 Jan 2010 12:03:24 +0000
with message-id <[email protected]>
and subject line Bug#564646: fixed in ruby1.9.1 1.9.1.378-1
has caused the Debian Bug report #564646,
regarding ruby1.9.1: WEBrick control characters vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
564646: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=564646
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ruby1.9.1
Version: 1.9.1.376-1
Severity: grave
Tags: security
Justification: user security hole
The upstream has released a vulnerability fix in WEBrick, a part of Ruby's
standard library. WEBrick lets attackers inject malicious escape sequences
into its logs, making it possible for dangerous control characters to be executed
on a victim's terminal emulator.
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'stable'), (90, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.30-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=ja_JP.eucJP, LC_CTYPE=ja_JP.eucJP (charmap=EUC-JP)
Shell: /bin/sh linked to /bin/dash
Versions of packages ruby1.9.1 depends on:
ii libc6 2.10.2-2 GNU C Library: Shared libraries
ii libruby1.9.1 1.9.1.376-1 Libraries necessary to run Ruby 1.
ruby1.9.1 recommends no packages.
Versions of packages ruby1.9.1 suggests:
ii rdoc1.9.1 1.9.1.376-1 Generate documentation from Ruby s
ii ri1.9.1 1.9.1.376-1 Ruby Interactive reference (for Ru
ii ruby1.9.1-examples 1.9.1.376-1 Examples for Ruby 1.9
ii rubygems1.9.1 1.3.5-2 package management framework for R
-- no debconf information
--- End Message ---
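Added example, not part of the bug report above and not WEBrick's or upstream's code: one way to keep request data from reaching a log as raw escape sequences, plus a check for existing log lines that contain them. The function names and the log line format are hypothetical, and the sample input is constructed.

```ruby
# Added example: escape untrusted request data before it is logged, and
# flag existing log lines that carry raw control characters.

# Bytes never written raw: C0 controls (ESC, CR, LF, ...), DEL, all 8-bit
# bytes (covers the C1 CSI byte 0x9B), plus '"' and '\' so that the quoted
# field cannot be closed early and the escaping stays unambiguous.
UNSAFE_BYTE = /[\x00-\x1f\x7f-\xff"\\]/n

# Returns a printable-ASCII rendering of +value+; unsafe bytes become \xNN.
def escape_log_field(value)
  raw = value.to_s.dup.force_encoding(Encoding::BINARY)
  raw.gsub(UNSAFE_BYTE) { |b| format('\\x%02X', b.ord) }
     .force_encoding(Encoding::US_ASCII)
end

# Builds one access-log line (hypothetical format) from untrusted input.
def access_log_line(remote, request_line, status)
  %(#{escape_log_field(remote)} "#{escape_log_field(request_line)}" #{Integer(status)})
end

# Returns the 1-based numbers of lines that contain raw control characters
# (tab allowed) or bytes that are not valid UTF-8.
def suspicious_lines(lines)
  lines.each_index.select do |i|
    line = lines[i].dup.force_encoding(Encoding::UTF_8).chomp
    !line.valid_encoding? ||
      line.match?(/[\u0000-\u0008\u000B-\u001F\u007F-\u009F]/)
  end.map { |i| i + 1 }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input: a request line carrying ESC [ 3 1 m.
  puts access_log_line('203.0.113.5', "GET /\e[31m HTTP/1.1", 404)
  constructed_log = ["GET / 200\n", "GET /\e[2J 404\n", "GET /a\tb 200\n"]
  puts "lines to review: #{suspicious_lines(constructed_log).inspect}"
end
```

Logs written before the fixed package was installed may still hold raw sequences, so review them with a tool that shows control characters visibly rather than printing them straight to a terminal.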
--- Begin Message ---
Source: ruby1.9.1
Source-Version: 1.9.1.378-1
We believe that the bug you reported is fixed in the latest version of
ruby1.9.1, which is due to be installed in the Debian FTP archive:
irb1.9.1_1.9.1.378-1_all.deb
to main/r/ruby1.9.1/irb1.9.1_1.9.1.378-1_all.deb
libdbm-ruby1.9.1_1.9.1.378-1_amd64.deb
to main/r/ruby1.9.1/libdbm-ruby1.9.1_1.9.1.378-1_amd64.deb
libgdbm-ruby1.9.1_1.9.1.378-1_amd64.deb
to main/r/ruby1.9.1/libgdbm-ruby1.9.1_1.9.1.378-1_amd64.deb
libopenssl-ruby1.9.1_1.9.1.378-1_amd64.deb
to main/r/ruby1.9.1/libopenssl-ruby1.9.1_1.9.1.378-1_amd64.deb
libreadline-ruby1.9.1_1.9.1.378-1_amd64.deb
to main/r/ruby1.9.1/libreadline-ruby1.9.1_1.9.1.378-1_amd64.deb
libruby1.9.1-dbg_1.9.1.378-1_amd64.deb
to main/r/ruby1.9.1/libruby1.9.1-dbg_1.9.1.378-1_amd64.deb
libruby1.9.1_1.9.1.378-1_amd64.deb
to main/r/ruby1.9.1/libruby1.9.1_1.9.1.378-1_amd64.deb
libtcltk-ruby1.9.1_1.9.1.378-1_amd64.deb
to main/r/ruby1.9.1/libtcltk-ruby1.9.1_1.9.1.378-1_amd64.deb
rdoc1.9.1_1.9.1.378-1_all.deb
to main/r/ruby1.9.1/rdoc1.9.1_1.9.1.378-1_all.deb
ri1.9.1_1.9.1.378-1_all.deb
to main/r/ruby1.9.1/ri1.9.1_1.9.1.378-1_all.deb
ruby1.9.1-dev_1.9.1.378-1_amd64.deb
to main/r/ruby1.9.1/ruby1.9.1-dev_1.9.1.378-1_amd64.deb
ruby1.9.1-elisp_1.9.1.378-1_all.deb
to main/r/ruby1.9.1/ruby1.9.1-elisp_1.9.1.378-1_all.deb
ruby1.9.1-examples_1.9.1.378-1_all.deb
to main/r/ruby1.9.1/ruby1.9.1-examples_1.9.1.378-1_all.deb
ruby1.9.1-full_1.9.1.378-1_all.deb
to main/r/ruby1.9.1/ruby1.9.1-full_1.9.1.378-1_all.deb
ruby1.9.1_1.9.1.378-1.diff.gz
to main/r/ruby1.9.1/ruby1.9.1_1.9.1.378-1.diff.gz
ruby1.9.1_1.9.1.378-1.dsc
to main/r/ruby1.9.1/ruby1.9.1_1.9.1.378-1.dsc
ruby1.9.1_1.9.1.378-1_amd64.deb
to main/r/ruby1.9.1/ruby1.9.1_1.9.1.378-1_amd64.deb
ruby1.9.1_1.9.1.378.orig.tar.gz
to main/r/ruby1.9.1/ruby1.9.1_1.9.1.378.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daigo Moriwaki <[email protected]> (supplier of updated ruby1.9.1 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 11 Jan 2010 09:46:28 +0900
Source: ruby1.9.1
Binary: ruby1.9.1 libruby1.9.1 libruby1.9.1-dbg ruby1.9.1-dev libdbm-ruby1.9.1
libgdbm-ruby1.9.1 libreadline-ruby1.9.1 libtcltk-ruby1.9.1 libopenssl-ruby1.9.1
ruby1.9.1-examples ruby1.9.1-elisp ri1.9.1 rdoc1.9.1 irb1.9.1 ruby1.9.1-full
Architecture: source all amd64
Version: 1.9.1.378-1
Distribution: unstable
Urgency: medium
Maintainer: akira yamada <[email protected]>
Changed-By: Daigo Moriwaki <[email protected]>
Description:
irb1.9.1 - Interactive Ruby (for Ruby 1.9.1)
libdbm-ruby1.9.1 - DBM interface for Ruby 1.9.1
libgdbm-ruby1.9.1 - GDBM interface for Ruby 1.9.1
libopenssl-ruby1.9.1 - OpenSSL interface for Ruby 1.9.1
libreadline-ruby1.9.1 - Readline interface for Ruby 1.9.1
libruby1.9.1 - Libraries necessary to run Ruby 1.9.1
libruby1.9.1-dbg - Debugging symbols for Ruby 1.9.1
libtcltk-ruby1.9.1 - Tcl/Tk interface for Ruby 1.9.1
rdoc1.9.1 - Generate documentation from Ruby source files (for Ruby 1.9.1)
ri1.9.1 - Ruby Interactive reference (for Ruby 1.9.1)
ruby1.9.1 - Interpreter of object-oriented scripting language Ruby 1.9.1
ruby1.9.1-dev - Header files for compiling extension modules for the Ruby 1.9.1
ruby1.9.1-elisp - ruby-mode for Emacsen
ruby1.9.1-examples - Examples for Ruby 1.9
ruby1.9.1-full - Ruby 1.9.1 full installation
Closes: 564646
Changes:
ruby1.9.1 (1.9.1.378-1) unstable; urgency=medium
.
* New upstream release
* The upstream has fixed a vulnerability in WEBrick, a part of Ruby's
standard library. WEBrick lets attackers inject malicious escape
sequences into its logs, making it possible for dangerous control characters
to be executed on a victim's terminal emulator. (Closes: #564646)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAktMYGYACgkQNcPj+ukc0lDVRACffsAHBLEgRDNDZp//7HxpZkCb
wqMAn0F7zUxd2CBT2JDfBOEIsfgPNgJj
=SqqH
-----END PGP SIGNATURE-----
--- End Message ---