Bug#564598: marked as done (ruby1.8: WEBrick control characters vulnerability)

Fri, 30 Jul 2010 07:57:19 -0700 

Your message dated Fri, 30 Jul 2010 10:52:49 -0400
with message-id <[email protected]>
and subject line Re: Bug#564598: ruby1.8: WEBrick control characters 
vulnerability
has caused the Debian Bug report #564598,
regarding ruby1.8: WEBrick control characters vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
564598: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=564598
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: ruby1.8
Version: 1.8.7.174-3
Severity: grave
Tags: security
Justification: user security hole

The upstream has released a vulnerability fix in WEBrick, a part of Ruby's
standard library.  WEBrick lets attackers to inject malicious escap
e sequences to its logs, making it possible for dangerous control characters
to be executed on a victim's terminal emulator.

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable'), (90, 'unstable'), (1, 
'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=ja_JP.eucJP, LC_CTYPE=ja_JP.eucJP (charmap=EUC-JP)
Shell: /bin/sh linked to /bin/bash

Versions of packages ruby1.8 depends on:
ii  libc6                        2.9-4       GNU C Library: Shared libraries
ii  libruby1.8                   1.8.7.174-3 Libraries necessary to run Ruby 1.

ruby1.8 recommends no packages.

Versions of packages ruby1.8 suggests:
ii  rdoc1.8                      1.8.7.174-3 Generate documentation from Ruby s
ii  ri1.8                        1.8.7.174-3 Ruby Interactive reference (for Ru
ii  ruby1.8-examples             1.8.7.174-3 Examples for Ruby 1.8

-- no debconf information

--- End Message ---
--- Begin Message --- 
Version: 1.8.7.249-1

> The upstream has released a vulnerability fix in WEBrick, a part of Ruby's
> standard library.  WEBrick lets attackers to inject malicious escap
> e sequences to its logs, making it possible for dangerous control characters
> to be executed on a victim's terminal emulator.

Fixed since 1.8.7.249-1
-- 
| Lucas Nussbaum
| [email protected]   http://www.lucas-nussbaum.net/ |
| jabber: [email protected]             GPG: 1024D/023B3F4F |

--- End Message ---

Reply via email to