Bug#931932: marked as done (CVE-2019-13574)

[Debian Bug Tracking System]

Your message dated Tue, 16 Jul 2019 21:08:07 +0000
with message-id <e1hnugb-0007qx...@fasolo.debian.org>
and subject line Bug#931932: fixed in ruby-mini-magick 4.5.1-1+deb9u1
has caused the Debian Bug report #931932,
regarding CVE-2019-13574
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
931932: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931932
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: ruby-mini-magick
Severity: grave
Tags: security

Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13574

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: ruby-mini-magick
Source-Version: 4.5.1-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
ruby-mini-magick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 931...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated ruby-mini-magick 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 12 Jul 2019 21:37:43 +0200
Source: ruby-mini-magick
Architecture: source
Version: 4.5.1-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Ruby Extras Maintainers 
<pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 931932
Changes:
 ruby-mini-magick (4.5.1-1+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Don't allow remote shell execution (CVE-2019-13574) (Closes: #931932)
Checksums-Sha1:
 cb6552471b778051d5de0c7762e7e0fe59b54946 2397 
ruby-mini-magick_4.5.1-1+deb9u1.dsc
 8c334634668f3b493038aa4f3f1a2f8405fd4cd5 1113157 
ruby-mini-magick_4.5.1.orig.tar.gz
 e939b8fb79633470d06b55dbd8195ef327770bf7 6732 
ruby-mini-magick_4.5.1-1+deb9u1.debian.tar.xz
 0e7ca6698c82807886b269cfe48043b5ef94d8fc 7290 
ruby-mini-magick_4.5.1-1+deb9u1_source.buildinfo
Checksums-Sha256:
 017cb0e3072e47ba5719e5c0b9aae8e5f66fe8d6962432323546699b29c7c083 2397 
ruby-mini-magick_4.5.1-1+deb9u1.dsc
 4222e9c8b84914230669e0a180a2e1d68e6c3d0d2b9e2464faf664bd545e8522 1113157 
ruby-mini-magick_4.5.1.orig.tar.gz
 3e6ab3240d8971a1075f1a61cc917814ffa961bc82d3edd1c5bfaef3f0f58f3f 6732 
ruby-mini-magick_4.5.1-1+deb9u1.debian.tar.xz
 a4db8d1e5d937d47ed1482c25c4a37a2c96e92064bfc8c65bdee31dbe3b8d6a4 7290 
ruby-mini-magick_4.5.1-1+deb9u1_source.buildinfo
Files:
 b1f541b546dbdd538388655a60f23dbb 2397 ruby optional 
ruby-mini-magick_4.5.1-1+deb9u1.dsc
 e73601db116abba9ef9df8f178f3d4d2 1113157 ruby optional 
ruby-mini-magick_4.5.1.orig.tar.gz
 735a9a75f716feeda00e6d4650dc1242 6732 ruby optional 
ruby-mini-magick_4.5.1-1+deb9u1.debian.tar.xz
 3db06bcbabd95c330de0662914788915 7290 ruby optional 
ruby-mini-magick_4.5.1-1+deb9u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl0o8KdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EDOwP/iLPlT7EHxjj6ES/pp3T2MpS2qPkJ8T1
VeP6iyIVPV9n9hYdcylKsohCNwLTxJkyNrMZMrmYwdRH/fPJ3utGaBgFa4kL3kN2
XpGzlgP/loj2Zg3/3C+KctEGlQQGWnLec/pCCA3q+G3dkDvnScL8+ASqvUq/Kwdi
vswvar6M2DtNdMXFgvmA5mixmlCSd5a+u3mQfa24WWGuLOgLoeyfHrLrly/pHEBN
u9OqVHWaTEcQmbFro4dIPhXxaPMTbrEqBIGNK9vZSwzqMGbP2QDv2Q/5ccRiE1yk
dYKJZWt38IhnxEv7EzAbld3Jh+vhXJ2uINiZitUnD/gpX1EoiVWZJ8hVnfzOUjrM
7UCTuOvEzRy+VOQjtQKvtgfttH5wWgypV4X1JyzJHXmpT8Gq5X7dZNB9R55QAuPf
UXtqG30Y+dxiiyjlptw6ZMrTnE3hWkzZE4REEb2hpaeruhKh+oUb7cutY5JtvDS8
GZNh6VmkPhmy7ArhyPHuLqkGbn7ToqffZfDkikYK7pad+8qfurGt1Hb9AlyaCPFh
hA1TltEt2TwQRgsix0mYkVelEelgis3A/nYEDFXxAPqJzZGMEzrwCmJ+MQ/Axk0f
vbYM7Agh0PZf2xvdQ6j2a0eZ0V6jv28Z4dPl445/sdEOsBbspKJBDMF5ZQVLar6R
zJVKPmKGNFgo
=2QUR
-----END PGP SIGNATURE-----

--- End Message ---