Your message dated Wed, 29 Jul 2015 09:37:38 +0000
with message-id <[email protected]>
and subject line Bug#789311: fixed in ruby-rack 1.5.2-4
has caused the Debian Bug report #789311,
regarding ruby-rack: CVE-2015-3225: Potential Denial of Service Vulnerability
in Rack normalize_params()
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
789311: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789311
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ruby-rack
Version: 1.4.1-1
Severity: important
Tags: security patch upstream fixed-upstream
Hi,
the following vulnerability was published for ruby-rack.
CVE-2015-3225[0]:
Potential Denial of Service Vulnerability in Rack normalize_params()
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-3225
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ruby-rack
Source-Version: 1.5.2-4
We believe that the bug you reported is fixed in the latest version of
ruby-rack, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Youhei SASAKI <[email protected]> (supplier of updated ruby-rack package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 29 Jul 2015 17:32:29 +0900
Source: ruby-rack
Binary: ruby-rack
Architecture: source all
Version: 1.5.2-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <[email protected]>
Changed-By: Youhei SASAKI <[email protected]>
Description:
ruby-rack - Modular Ruby webserver interface
Closes: 789311
Changes:
 ruby-rack (1.5.2-4) unstable; urgency=medium
 .
   * Add patch: Fix upstream Issue 631
     - uninitialized constant Rack::Response::BodyProxy
   * Create cherry-picked patch for Security Fix (Closes: #789311)
     - CVE-2015-3225: 1-4-deep_params.patch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---