Your message dated Tue, 26 Mar 2019 17:35:02 +0000
with message-id <[email protected]>
and subject line Bug#911918: fixed in ruby-openssl 2.1.2-1
has caused the Debian Bug report #911918,
regarding ruby-openssl: CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
911918: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911918
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ruby-openssl
Version: 2.1.1-1
Severity: grave
Tags: patch security upstream
Justification: user security hole
Control: clone -1 -2
Control: retitle -2 ruby2.5: CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly
Control: reassign -2 ruby2.5 2.5.1-6

Hi,

The following vulnerability was published for ruby-openssl.

CVE-2018-16395[0]:
OpenSSL::X509::Name equality check does not work correctly

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-16395
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16395
[1] https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: ruby-openssl
Source-Version: 2.1.2-1

We believe that the bug you reported is fixed in the latest version of
ruby-openssl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Utkarsh Gupta <[email protected]> (supplier of updated ruby-openssl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 26 Mar 2019 06:19:25 +0530
Source: ruby-openssl
Binary: ruby-openssl
Architecture: source
Version: 2.1.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <[email protected]>
Changed-By: Utkarsh Gupta <[email protected]>
Description:
 ruby-openssl - Ruby bindings for OpenSSL
Closes: 911918
Changes:
 ruby-openssl (2.1.2-1) unstable; urgency=medium
 .
   * Team upload
   * New upstream version 2.1.2 (Fixes: CVE-2018-16395) (Closes: #911918)
   * Bump Standards-Version to 4.3.0 (no changes needed)
   * Fix insecure URL


--- End Message ---
