Your message dated Sun, 02 Aug 2015 19:47:51 +0000
with message-id <[email protected]>
and subject line Bug#789311: fixed in ruby-rack 1.4.1-2.1+deb7u1
has caused the Debian Bug report #789311,
regarding ruby-rack: CVE-2015-3225: Potential Denial of Service Vulnerability
in Rack normalize_params()
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
789311: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789311
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ruby-rack
Version: 1.4.1-1
Severity: important
Tags: security patch upstream fixed-upstream
Hi,
the following vulnerability was published for ruby-rack.
CVE-2015-3225[0]:
Potential Denial of Service Vulnerability in Rack normalize_params()
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-3225
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ruby-rack
Source-Version: 1.4.1-2.1+deb7u1
We believe that the bug you reported is fixed in the latest version of
ruby-rack, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated ruby-rack package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
Format: 1.8
Date: Wed, 29 Jul 2015 16:37:25 +0900
Source: ruby-rack
Binary: ruby-rack librack-ruby1.9.1 librack-ruby1.8 librack-ruby
Architecture: source all
Version: 1.4.1-2.1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Ruby Extras Maintainers <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Description:
librack-ruby - Transitional package for ruby-rack
librack-ruby1.8 - Transitional package for ruby-rack
librack-ruby1.9.1 - Transitional package for ruby-rack
ruby-rack - Modular Ruby webserver interface
Closes: 789311
Changes:
ruby-rack (1.4.1-2.1+deb7u1) wheezy-security; urgency=high
.
* Create cherry-picked patch for Security Fix (Closes: #789311).
- CVE-2015-3225: 0006-Fix-Params_Depth.patch
Default depth at which the parameter parser will raise an exception
for being too deep, allows remote attackers to cause a denial of
service (SystemStackError) via a request with a large parameter
depth.
--- End Message ---
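The changelog entry above describes the fix as a cap on parameter nesting depth. The following is an added example, not Rack's or Debian's code: a deliberately simplified parser in the style of Rack's normalize_params() that enforces such a cap, using the 100-level default Rack adopted (Rack::Utils.param_depth_limit) and raising a RangeError subclass, as Rack did, instead of recursing until SystemStackError. The query syntax supported (a[b][c]=v and k[]=v) and the helper names are this example's own.

```ruby
require 'cgi'

DEFAULT_PARAM_DEPTH_LIMIT = 100   # same default Rack adopted in its fix

# Raised instead of letting a hostile key drive recursion to SystemStackError.
class ParamsTooDeep < RangeError; end

# Split "a[b][c]" into ["a", "b", "c"]; a name without brackets is one key.
def key_segments(name)
  head, rest = name.match(/\A([^\[\]]+)(.*)\z/)&.captures
  return [name] unless head
  [head] + rest.scan(/\[([^\[\]]*)\]/).flatten
end

# One level of nesting per call, mirroring normalize_params. The depth check
# at the top is the mitigation: fail fast with a request-level error.
def normalize_params(params, segments, value, depth, limit)
  raise ParamsTooDeep, "nesting depth #{depth} exceeds #{limit}" if depth > limit
  key, *rest = segments
  if rest.empty?
    params[key] = value
  elsif rest == ['']                       # "k[]=v" appends to an array
    arr = params[key]
    arr = params[key] = [] unless arr.is_a?(Array)
    arr << value
  else
    child = params[key]
    child = params[key] = {} unless child.is_a?(Hash)
    normalize_params(child, rest, value, depth + 1, limit)
  end
  params
end

# Parse a query string into nested hashes, bounded by +limit+.
def parse_nested_query(qs, limit = DEFAULT_PARAM_DEPTH_LIMIT)
  qs.to_s.split('&').each_with_object({}) do |pair, params|
    next if pair.empty?
    k, v = pair.split('=', 2).map { |s| CGI.unescape(s) }
    normalize_params(params, key_segments(k), v, 0, limit)
  end
end

# Returns :ok or :rejected, the decision a middleware would turn into a 4xx.
def classify_query(qs, limit = DEFAULT_PARAM_DEPTH_LIMIT)
  parse_nested_query(qs, limit)
  :ok
rescue ParamsTooDeep
  :rejected
end

if __FILE__ == $0
  puts parse_nested_query('user[name]=alice&user[roles][]=admin').inspect
  puts classify_query('a' + '[x]' * 150 + '=1')   # constructed over-deep key
end
```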