Your message dated Sun, 22 Jun 2008 12:32:18 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#487239: fixed in ruby1.9 1.9.0.2-1
has caused the Debian Bug report #487239,
regarding ruby1.9: Arbitrary code execution vulnerability and so on
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
487239: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487239
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: ruby1.9
Version: 1.9.0.1-5
Severity: grave
Tags: security
Justification: user security hole


The upstream has announced multiple vulnerabilities in Ruby. They may lead
to a denial of service (DoS) condition or allow execution of arbitrary code.
  * CVE-2008-2662
  * CVE-2008-2663
  * CVE-2008-2725
  * CVE-2008-2726
  * CVE-2008-2727
  * CVE-2008-2728
  * CVE-2008-2664

Vulnerable versions

1.8 series
  * 1.8.4 and all prior versions
  * 1.8.5-p230 and all prior versions
  * 1.8.6-p229 and all prior versions
  * 1.8.7-p21 and all prior versions

1.9 series
  * 1.9.0-1 and all prior versions

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable'), (90, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-1-686 (SMP w/2 CPU cores)
Locale: LANG=ja_JP.eucJP, LC_CTYPE=ja_JP.eucJP (charmap=EUC-JP)
Shell: /bin/sh linked to /bin/bash

Versions of packages ruby1.9 depends on:
ii  libc6                         2.7-10     GNU C Library: Shared libraries
ii  libruby1.9                    1.9.0.1-5  Libraries necessary to run Ruby 1.

ruby1.9 recommends no packages.

-- no debconf information



--- End Message ---
--- Begin Message ---
Source: ruby1.9
Source-Version: 1.9.0.2-1

We believe that the bug you reported is fixed in the latest version of
ruby1.9, which is due to be installed in the Debian FTP archive:

irb1.9_1.9.0.2-1_all.deb
  to pool/main/r/ruby1.9/irb1.9_1.9.0.2-1_all.deb
libdbm-ruby1.9_1.9.0.2-1_amd64.deb
  to pool/main/r/ruby1.9/libdbm-ruby1.9_1.9.0.2-1_amd64.deb
libgdbm-ruby1.9_1.9.0.2-1_amd64.deb
  to pool/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0.2-1_amd64.deb
libopenssl-ruby1.9_1.9.0.2-1_amd64.deb
  to pool/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0.2-1_amd64.deb
libreadline-ruby1.9_1.9.0.2-1_amd64.deb
  to pool/main/r/ruby1.9/libreadline-ruby1.9_1.9.0.2-1_amd64.deb
libruby1.9-dbg_1.9.0.2-1_amd64.deb
  to pool/main/r/ruby1.9/libruby1.9-dbg_1.9.0.2-1_amd64.deb
libruby1.9_1.9.0.2-1_amd64.deb
  to pool/main/r/ruby1.9/libruby1.9_1.9.0.2-1_amd64.deb
libtcltk-ruby1.9_1.9.0.2-1_amd64.deb
  to pool/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0.2-1_amd64.deb
rdoc1.9_1.9.0.2-1_all.deb
  to pool/main/r/ruby1.9/rdoc1.9_1.9.0.2-1_all.deb
ri1.9_1.9.0.2-1_all.deb
  to pool/main/r/ruby1.9/ri1.9_1.9.0.2-1_all.deb
ruby1.9-dev_1.9.0.2-1_amd64.deb
  to pool/main/r/ruby1.9/ruby1.9-dev_1.9.0.2-1_amd64.deb
ruby1.9-elisp_1.9.0.2-1_all.deb
  to pool/main/r/ruby1.9/ruby1.9-elisp_1.9.0.2-1_all.deb
ruby1.9-examples_1.9.0.2-1_all.deb
  to pool/main/r/ruby1.9/ruby1.9-examples_1.9.0.2-1_all.deb
ruby1.9_1.9.0.2-1.diff.gz
  to pool/main/r/ruby1.9/ruby1.9_1.9.0.2-1.diff.gz
ruby1.9_1.9.0.2-1.dsc
  to pool/main/r/ruby1.9/ruby1.9_1.9.0.2-1.dsc
ruby1.9_1.9.0.2-1_amd64.deb
  to pool/main/r/ruby1.9/ruby1.9_1.9.0.2-1_amd64.deb
ruby1.9_1.9.0.2.orig.tar.gz
  to pool/main/r/ruby1.9/ruby1.9_1.9.0.2.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daigo Moriwaki <[EMAIL PROTECTED]> (supplier of updated ruby1.9 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 21 Jun 2008 16:02:58 +0900
Source: ruby1.9
Binary: ruby1.9 libruby1.9 libruby1.9-dbg ruby1.9-dev libdbm-ruby1.9 libgdbm-ruby1.9 libreadline-ruby1.9 libtcltk-ruby1.9 libopenssl-ruby1.9 ruby1.9-examples ruby1.9-elisp ri1.9 rdoc1.9 irb1.9
Architecture: source all amd64
Version: 1.9.0.2-1
Distribution: unstable
Urgency: high
Maintainer: akira yamada <[EMAIL PROTECTED]>
Changed-By: Daigo Moriwaki <[EMAIL PROTECTED]>
Description: 
 irb1.9     - Interactive Ruby (for Ruby 1.9)
 libdbm-ruby1.9 - DBM interface for Ruby 1.9
 libgdbm-ruby1.9 - GDBM interface for Ruby 1.9
 libopenssl-ruby1.9 - OpenSSL interface for Ruby 1.9
 libreadline-ruby1.9 - Readline interface for Ruby 1.9
 libruby1.9 - Libraries necessary to run Ruby 1.9
 libruby1.9-dbg - Debugging symbols for Ruby 1.9
 libtcltk-ruby1.9 - Tcl/Tk interface for Ruby 1.9
 rdoc1.9    - Generate documentation from Ruby source files (for Ruby 1.9)
 ri1.9      - Ruby Interactive reference (for Ruby 1.9)
 ruby1.9    - Interpreter of object-oriented scripting language Ruby 1.9
 ruby1.9-dev - Header files for compiling extension modules for the Ruby 1.9
 ruby1.9-elisp - ruby-mode for Emacsen
 ruby1.9-examples - Examples for Ruby 1.9
Closes: 487239
Changes: 
 ruby1.9 (1.9.0.2-1) unstable; urgency=high
 .
   * New upstream release.
   * debian/generated-incs/*.inc: updated. They were created directly from the
     source using ruby1.8.
   * Fixed vulnerability: arbitrary code execution vulnerability and so on
     (Closes: #487239)
   * debian/watch: supported the version numbering of the upstream.
   * removed patches that the upstream has applied:
     - debian/patches/800_parse_shebang_in_usascii.dpatch
     - debian/patches/801_too_strict_encoding_check.dpatch
     - debian/patches/802_hash_compare_by_identity.dpatch
     - debian/patches/803_syntaxerror_irb_bug.dpatch
     - debian/patches/804_debug.rb_is_bloken.dpatch
     - debian/patches/805_webrick_file_access_vulnerability.dpatch
   * removed patches since this package no longer provides rubygems.
     - debian/patches/910_gem_prelude.dpatch
     - debian/patches/911_default_gem_path.dpatch
     - debian/patches/913_disable_update_system.dpatch
     - debian/patches/917_avoid_ioseek.dpatch
     - debian/patches/918_tighter_search_regex.dpatch
   * Added debian/patches/101_parse_rb.dpatch: RDoc might have failed to parse.
   * Added debian/patches/102_skip_test_copy_stream.dpatch: skip a test

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

-----END PGP SIGNATURE-----



--- End Message ---
