Your message dated Sun, 31 Jan 2010 19:56:44 +0000
with message-id <[email protected]>
and subject line Bug#555224: fixed in libjson-ruby 1.1.2-1+lenny1
has caused the Debian Bug report #555224,
regarding libjson-ruby: embeds prototype.js
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
555224: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555224
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
package: libjson-ruby
version: 1.1.9-1
severity: important
tags: security
Hi,
Your package embeds prototype.js, which makes security updates very
cumbersome, difficult, and potentially error-prone. Please update your
package to make use of the system prototype.js provided by the
libjs-prototype binary package.
This is a mass-filing, and the only checking done so far is a version
comparison. If your package for some reason is not affected or already
uses the system prototype.js, please close this bug with a message
indicating that that is the case.
Thank you very much for your attention on this matter.
Mike
--- End Message ---
--- Begin Message ---
Source: libjson-ruby
Source-Version: 1.1.2-1+lenny1
We believe that the bug you reported is fixed in the latest version of
libjson-ruby, which is due to be installed in the Debian FTP archive:
edit-json_1.1.2-1+lenny1_all.deb
to main/libj/libjson-ruby/edit-json_1.1.2-1+lenny1_all.deb
libjson-ruby-doc_1.1.2-1+lenny1_all.deb
to main/libj/libjson-ruby/libjson-ruby-doc_1.1.2-1+lenny1_all.deb
libjson-ruby1.8_1.1.2-1+lenny1_i386.deb
to main/libj/libjson-ruby/libjson-ruby1.8_1.1.2-1+lenny1_i386.deb
libjson-ruby_1.1.2-1+lenny1.diff.gz
to main/libj/libjson-ruby/libjson-ruby_1.1.2-1+lenny1.diff.gz
libjson-ruby_1.1.2-1+lenny1.dsc
to main/libj/libjson-ruby/libjson-ruby_1.1.2-1+lenny1.dsc
libjson-ruby_1.1.2-1+lenny1_all.deb
to main/libj/libjson-ruby/libjson-ruby_1.1.2-1+lenny1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ryan Niebur <[email protected]> (supplier of updated libjson-ruby package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 08 Nov 2009 22:33:47 -0800
Source: libjson-ruby
Binary: libjson-ruby libjson-ruby-doc libjson-ruby1.8 edit-json
Architecture: source all i386
Version: 1.1.2-1+lenny1
Distribution: stable-proposed-updates
Urgency: low
Maintainer: Esteban Manchado Velázquez <[email protected]>
Changed-By: Ryan Niebur <[email protected]>
Description:
edit-json - JSON files editor
libjson-ruby - JSON library for Ruby (default Ruby version)
libjson-ruby-doc - JSON library for Ruby (documentation)
libjson-ruby1.8 - JSON library for Ruby (Ruby 1.8 version)
Closes: 555223 555224
Changes:
libjson-ruby (1.1.2-1+lenny1) stable-proposed-updates; urgency=low
.
* Security Fix for JSON::Pure::Parser. A specially designed string
could cause catastrophic backtracking in one of the parser's regular
expressions. (fixed upstream in version 1.1.7)
* Use the version of prototype.js from libjs-prototype. The included
version had a security issue. (Closes: #555224, #555223)
Checksums-Sha1:
204b4def027b9dd86bda44b16eeb0cff14bfcc0b 1539 libjson-ruby_1.1.2-1+lenny1.dsc
cd4dbe1a6c908dfe754caac1976f96cda6631cff 4739
libjson-ruby_1.1.2-1+lenny1.diff.gz
555c324dd53c491516642b1b379bc8fe45c4fd26 7024
libjson-ruby_1.1.2-1+lenny1_all.deb
2be0c3991aadc353c228afaeecc393455b62800f 917484
libjson-ruby-doc_1.1.2-1+lenny1_all.deb
020bbaf3f77fea8fa2f6144816af42bb0380d3fa 33328 edit-json_1.1.2-1+lenny1_all.deb
9faee952bcbad6314c3a8c89e80debac958b336f 34694
libjson-ruby1.8_1.1.2-1+lenny1_i386.deb
Checksums-Sha256:
e436703bad8b5e1e84426c24839a97a1f4021004aebc6963cbfef36cf780e663 1539
libjson-ruby_1.1.2-1+lenny1.dsc
6e18dcaf3e74e423340a1732548df412bda82b8a5a9b229f6e89e14986a241d0 4739
libjson-ruby_1.1.2-1+lenny1.diff.gz
1b7eb3ce18444792112295cac69cef183863f407ce40656de4aa6f52a908a571 7024
libjson-ruby_1.1.2-1+lenny1_all.deb
8ace3a32477fe0c7be3288435ffef1a930d00f05071ae61598c4054776eacd08 917484
libjson-ruby-doc_1.1.2-1+lenny1_all.deb
fa6a3ffd8413582258a3caefeaf3ba564e63baeda751be2e9a1917bcbf1b96a4 33328
edit-json_1.1.2-1+lenny1_all.deb
2efb71dacf0974868f79a089e01bd803c0691211a9bc57f3d46b6b7673ab3076 34694
libjson-ruby1.8_1.1.2-1+lenny1_i386.deb
Files:
f7c8b92b8eeb172d4f432cdd7350d771 1539 libs optional
libjson-ruby_1.1.2-1+lenny1.dsc
c32ef2974a824c33ce13370503982dae 4739 libs optional
libjson-ruby_1.1.2-1+lenny1.diff.gz
5d876f2537ea1ca31ce4473e82de8499 7024 libs optional
libjson-ruby_1.1.2-1+lenny1_all.deb
6cc12d6501720604aed1f3d6dd85d26c 917484 doc optional
libjson-ruby-doc_1.1.2-1+lenny1_all.deb
2706f97288b16ec3d1919b8756881af7 33328 devel optional
edit-json_1.1.2-1+lenny1_all.deb
82e36836cbbdd2b61de3d56bfe09c3d1 34694 libs optional
libjson-ruby1.8_1.1.2-1+lenny1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAktj4i8ACgkQMihv+PacasU0SwCg0/ngKLPL37qYBDnKZ0Dj5aaK
1WQAoMbpWFevb7U6W2ppAWqZwWUTGCQb
=HC7F
-----END PGP SIGNATURE-----
--- End Message ---
