Your message dated Fri, 27 Jan 2023 01:07:09 +0000
with message-id <[email protected]>
and subject line Bug#1029715: fixed in passenger 6.0.17+ds-1
has caused the Debian Bug report #1029715,
regarding passenger: Warns for two security vulnerability with upstream fixes
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1029715: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029715
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: passenger
Version: 6.0.13+ds-1+b2
Severity: normal
Tags: upstream

Dear Maintainer,

When starting, the Apache logs show an available update with two security 
issues fixed:

    [ E 2023-01-26 16:19:00.9642 2682647/T6 age/Cor/SecurityUpdateChecker.h:521 
]: A security update is available for your version (6.0.13) of Phusion 
Passenger(R). We strongly recommend upgrading to version 6.0.17.
    [ E 2023-01-26 16:19:00.9644 2682647/T6 age/Cor/SecurityUpdateChecker.h:526 
]: Additional security update check information:
    - [Fixed in 6.0.14] [CVE-2018-25032] zlib before 1.2.12 allows memory 
corruption when deflating (i.e., when compressing) if the input has many 
distant matches.
    - [Fixed in 6.0.14] A use after free memory safety issue was introduced in 
6.0.12, and fixed in 6.0.14.

It would be nice if it was still possible to update the version of Passenger to 
at least 6.0.14


-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (500, 'testing')
merged-usr: no
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-22-amd64 (SMP w/2 CPU threads)
Locale: LANG=C.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages passenger depends on:
ii  libc6       2.36-8
ii  libcurl4    7.87.0-2
ii  libev4      1:4.33-1
ii  libgcc-s1   12.2.0-14
ii  libruby     1:3.1
ii  libruby3.1  3.1.2-4
ii  libssl3     3.0.7-2
ii  libstdc++6  12.2.0-14
ii  libuv1      1.44.2-1
ii  ruby        1:3.1
ii  ruby-rack   2.2.4-2

passenger recommends no packages.

Versions of packages passenger suggests:
ii  nodejs   18.13.0+dfsg1-1
ii  python3  3.10.6-3+b1
pn  rails    <none>

-- no debconf information

--- End Message ---
--- Begin Message ---
Source: passenger
Source-Version: 6.0.17+ds-1
Done: Antonio Terceiro <[email protected]>

We believe that the bug you reported is fixed in the latest version of
passenger, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Antonio Terceiro <[email protected]> (supplier of updated passenger package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 26 Jan 2023 21:42:11 -0300
Source: passenger
Architecture: source
Version: 6.0.17+ds-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Team 
<[email protected]>
Changed-By: Antonio Terceiro <[email protected]>
Closes: 1029715
Changes:
 passenger (6.0.17+ds-1) unstable; urgency=medium
 .
   [ Micah Anderson ]
   * Remove myself from debian/control Uploaders field.
 .
   [ Antonio Terceiro ]
   * debian/watch: update to catch new releases
   * New upstream version 6.0.17+ds (Closes: Closes: #1029715)
   * Refresh patches.
     0005-Restore-ability-to-build-against-upstream-libev.patch removed,
     already applied upstream.
   * Add myself to Uploaders:
Checksums-Sha1:
 89e5cdbe4369fde697ed31e20fc3a69cd3265e85 2352 passenger_6.0.17+ds-1.dsc
 31fb6b5053ec2e077eab7e1a454f2762798051ea 5505732 
passenger_6.0.17+ds.orig.tar.xz
 e39ec2e85e466326129a46296f8a4672fb8e2940 11264 
passenger_6.0.17+ds-1.debian.tar.xz
 010f01f36d466fe69289bc26448c516f5ab0d752 15423 
passenger_6.0.17+ds-1_source.buildinfo
Checksums-Sha256:
 d515889c2bcc4e7c7e60edb8dbc1bf2a77a688dd8f4a9d7d26ab3435d429b537 2352 
passenger_6.0.17+ds-1.dsc
 94fef7d24fa491854f28725bccb9bc8e8f178081904e37971bf2c001cb21eecf 5505732 
passenger_6.0.17+ds.orig.tar.xz
 f223f4873866a19625bfa73ee12f759bff345a2e39b4783fd8ffb36e383d75ec 11264 
passenger_6.0.17+ds-1.debian.tar.xz
 6a0e0a14a7b95b8176b60f3cacfa7058a60f2944850295181a2cb5a9c7cfc70b 15423 
passenger_6.0.17+ds-1_source.buildinfo
Files:
 d44cf7e7a25c843775db23f3663e0c63 2352 ruby optional passenger_6.0.17+ds-1.dsc
 b5322d459034c57f8bc83cd398333380 5505732 ruby optional 
passenger_6.0.17+ds.orig.tar.xz
 f256fb0015c236ac3fb5b7a3b1fd7425 11264 ruby optional 
passenger_6.0.17+ds-1.debian.tar.xz
 eae9e0b925ccc52d6e6f4ac99190464e 15423 ruby optional 
passenger_6.0.17+ds-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEst7mYDbECCn80PEM/A2xu81GC94FAmPTHhkACgkQ/A2xu81G
C96OUQ//bkxjBrvOnuI9jTFZ0ypdLG1TrxbPq/uvpYYuZvYupZoLB4MT1ZI46keP
Dgt0sPxtSR3ydbB1o3J6YwUEDgO9qnLquuumdsaW0/GdZcgJ1uVx+MDH+2JUcEhM
dadGtkw4TdTkPKME8k9GcTiI2IuG4RUv3JPuFe1+ovDlun1mzTc+O4F/Swj7t6Ie
YBt/GSGJfQCPD+cYe+WalzOl/G9xFBtG+2rLf89jcRgXoldnC88iDpj/pAG+OdcW
FWlSYsLGuehal4FVdSoofrpO3rkgJ8S5LGADUcA5BjV1jEgIx0S7Ipk/ntSzyqGT
AtYXZpjTIRvJlaKzm3yxjUuRjLYT+XUHxIgrADxVQwiIYklOaSfXGQ+O7giqjUD4
kaYyfqK7DxV+SFRDjgvZxT9RID4xk2Xq0WAEapNvx5tSrE5k9g/kn1NFsDh47DBd
afoeDsLapyIsGwNB6FXiWFAqMO3BTEa0yO337wXVHnqc3tTQipg9NRbDW8cL44uz
pRuOS9RgGO4+OyHGy6qaIe817CF2OR0NSzLRUiFygA3t1MZveFrsfVDB133sLZqO
4a2GTqQLt8FABmChLvglBO9HendXh5jSa4tOSHS+hPuGqC4Y1aLf+sIMISp3rR4Z
mddDF/zHvfQquoiiApNO5x1Xt/WnsJyUmw9nCH7lZ/FYaxVpQOQ=
=s2eL
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to