Your message dated Wed, 10 Jul 2013 17:04:17 +0000 with message-id <e1uwxop-0002tl...@franck.debian.org> and subject line Bug#714541: fixed in ruby1.8 1.8.7.358-7.1 has caused the Debian Bug report #714541, regarding ruby1.8: CVE-2013-4073: Hostname check bypassing vulnerability in SSL client to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 714541: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714541 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: ruby1.8 Severity: normal Tags: security upstream patch fixed-upstream Hi, the following vulnerability was published for ruby1.8. CVE-2013-4073[0]: Hostname check bypassing vulnerability in SSL client If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4073 http://security-tracker.debian.org/tracker/CVE-2013-4073 [1] http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/ [2] https://github.com/ruby/ruby/commit/961bf7496ded3acfe847cf56fa90bbdcfd6e614f (note the patch[2] contains a typo and need the follow up patch too). Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: ruby1.8 Source-Version: 1.8.7.358-7.1 We believe that the bug you reported is fixed in the latest version of ruby1.8, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 714...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated ruby1.8 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 07 Jul 2013 14:10:32 +0200 Source: ruby1.8 Binary: ruby1.8 libruby1.8 libruby1.8-dbg ruby1.8-dev libtcltk-ruby1.8 ruby1.8-examples ri1.8 ruby1.8-full Architecture: source all amd64 Version: 1.8.7.358-7.1 Distribution: unstable Urgency: high Maintainer: akira yamada <ak...@debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Description: libruby1.8 - Libraries necessary to run Ruby 1.8 libruby1.8-dbg - Debugging symbols for Ruby 1.8 libtcltk-ruby1.8 - Tcl/Tk interface for Ruby 1.8 ri1.8 - Ruby Interactive reference (for Ruby 1.8) ruby1.8 - Interpreter of object-oriented scripting language Ruby 1.8 ruby1.8-dev - Header files for compiling extension modules for the Ruby 1.8 ruby1.8-examples - Examples for Ruby 1.8 ruby1.8-full - Ruby 1.8 full installation Closes: 714541 Changes: ruby1.8 (1.8.7.358-7.1) unstable; urgency=high . * Non-maintainer upload. * Add CVE-2013-4073.patch patch. CVE-2013-4073: Fix hostname check bypassing vulnerability in SSL client. (Closes: #714541) Checksums-Sha1: 78cad0e85896bac3c01087f435de4d492093966e 2536 ruby1.8_1.8.7.358-7.1.dsc 6222e9b40a414a77349bd4ab301c65fde24d5770 59975 ruby1.8_1.8.7.358-7.1.debian.tar.gz 869eff8e2a0a39d579df6ab6c0c2a55d7fef878f 344664 ruby1.8-examples_1.8.7.358-7.1_all.deb 585ded63fdfe0b7b69c5b585ff8b4ab0e02b1054 1434598 ri1.8_1.8.7.358-7.1_all.deb 80b9238fe98c8c7a6b3113cdd27a0505ce81e195 283886 ruby1.8-full_1.8.7.358-7.1_all.deb db955f7b07cb859f5be879fca49813c710430810 320022 ruby1.8_1.8.7.358-7.1_amd64.deb a26ec7d3da3fc398dba2125a24b631c733533167 2078510 libruby1.8_1.8.7.358-7.1_amd64.deb 261481aa9b19e4c1ad0ea9ceb621f717232f8e11 1740644 libruby1.8-dbg_1.8.7.358-7.1_amd64.deb b93868d1b938473cb1094f2e3124abc01acf7be2 910826 ruby1.8-dev_1.8.7.358-7.1_amd64.deb 114be84c0c2b46d99ef71261643ef8ca57399188 2037396 libtcltk-ruby1.8_1.8.7.358-7.1_amd64.deb Checksums-Sha256: 394fb976de86136b90c5e78d0a104221b98f2cd782dfd2ab9ac066241fb70e50 2536 ruby1.8_1.8.7.358-7.1.dsc 8174505b449447149cc1917185f39472cc80156968a777b639353febf48727bb 59975 ruby1.8_1.8.7.358-7.1.debian.tar.gz e65cda729af36a31267b586e43a5da234e858ffe0cdb28da3e291217f41b6dcc 344664 ruby1.8-examples_1.8.7.358-7.1_all.deb c096f5cc14f5d67649932c2abd61202fe39db3041a2921fac7b7bb4af645c032 1434598 ri1.8_1.8.7.358-7.1_all.deb b007b7310f7dcdd3360fb787972d02235eb50fdb6b11e11ce291d6a2f723ac48 283886 ruby1.8-full_1.8.7.358-7.1_all.deb f820b4449b40aae83c91e960094c5650cd46cd5a360f7a192f295e8e1a2684d8 320022 ruby1.8_1.8.7.358-7.1_amd64.deb ec2fee345073e50edadc5733c233ab77e55ee2e3b8ea307c45fe2a118d3c91a2 2078510 libruby1.8_1.8.7.358-7.1_amd64.deb 24882fd08837117d86b8563e6421548e53a1a3941c32440e025c6d68449d8d01 1740644 libruby1.8-dbg_1.8.7.358-7.1_amd64.deb fae6bff49adfee2c668525889275082f31dd38a0062be336de3bb0a0dda962a0 910826 ruby1.8-dev_1.8.7.358-7.1_amd64.deb 4d2509f8e6493078bba015b5b7774e510b08929fef6951623361d2f852e30e35 2037396 libtcltk-ruby1.8_1.8.7.358-7.1_amd64.deb Files: d0dfa4af9a87cb4b67208963388244ac 2536 ruby optional ruby1.8_1.8.7.358-7.1.dsc 8deb889960f4f9009b126f0d922351e6 59975 ruby optional ruby1.8_1.8.7.358-7.1.debian.tar.gz 03d9cd86af0feabd214dbd15cc511d1b 344664 ruby optional ruby1.8-examples_1.8.7.358-7.1_all.deb 7ec5c580111e8ad95b8a0ab502d7aab2 1434598 ruby optional ri1.8_1.8.7.358-7.1_all.deb 48a539688c8e74d3d0c38d164d5a730d 283886 ruby optional ruby1.8-full_1.8.7.358-7.1_all.deb a0f85e340374a4052465c136fc72ecfe 320022 ruby optional ruby1.8_1.8.7.358-7.1_amd64.deb 8f79e63663589b69df9b3602f780c57c 2078510 libs optional libruby1.8_1.8.7.358-7.1_amd64.deb 0cf506db2069e5d79f1faaaff7119c6c 1740644 debug extra libruby1.8-dbg_1.8.7.358-7.1_amd64.deb 3493b6f54de380e5c60556c66192c2d8 910826 ruby optional ruby1.8-dev_1.8.7.358-7.1_amd64.deb 61f3ffafd5845056d3d0b679267a44cb 2037396 ruby optional libtcltk-ruby1.8_1.8.7.358-7.1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJR2tBKAAoJEHidbwV/2GP+9J0P/i5WP+f7fIF02Pw/9jzEUTWC 2w3q5qrZUysOWAM9Lp120XNpzN8QRbASjR/Ie48VdD1rtBgm5p+87GzXjzKu8P8x aKFeJhBGVWgucUzU1ysfDj4xAMwKhxphNyn61g89uG0sbYvRILw74HeBI8ZWLFR7 a2+5TfWEGBh8Be2f5FVEAkWZGQpqVTpkmUaxxAiJqndN7bQoMXIHB7dtv4EC6MMl WRqjjbwWjqgXFQ4QCt3rEfa6zS6aC1OFHvkK2ZHYH5y9fvjGvTUIp/zvStnGiaom dzEU2CZjSXZfajytCCaTIb+CQidEvXGg20sV9DiT2N0wOrjKZuWOzmCDDjwflmZF BWYA5DFetU40ExeIFNzP/t9VizsB9oNeWP4Vlqdnw/53d/gU6VMqQqNyn8brlbVq mTDIGlFxreGIA9aZv0Z1zbF/Yun3oH0wnZfV/Tpgz0EIeWQpSJt7oTA+//+l7hMZ x+7zFr/ZHAOLAT73Y88bP+E92o1kNttUynSTE2+xseJEX16TiqUgD4qy43qPEwu3 J2tXNylqCEGoTNAH2aXIfW0Mza438ECveaNCr67vZUOkyuKFCsabr/8W6ME5gGZt X4DCOTXiRl6sVRdVqpuCwD0fGDC8L/DrFxAeRUnzFjQvepFlUan04CQJU+xVt8+Z YYcAzw3TS5aVmA2GMBu8 =fr6f -----END PGP SIGNATURE-----
--- End Message ---
