Your message dated Wed, 21 Nov 2018 15:22:59 +0000
with message-id <e1gpuld-000an3...@fasolo.debian.org>
and subject line Bug#913005: fixed in ruby-rack 2.0.5-2
has caused the Debian Bug report #913005,
regarding ruby-rack: CVE-2018-16471: Possible XSS vulnerability in Rack
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
913005: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913005
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ruby-rack
Version: 1.6.4-4
Severity: grave
Tags: patch security upstream

Hi,

The following vulnerability was published for ruby-rack.

CVE-2018-16471[0]:
Possible XSS vulnerability in Rack

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-16471
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16471
[1] https://www.openwall.com/lists/oss-security/2018/11/05/2

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: ruby-rack
Source-Version: 2.0.5-2

We believe that the bug you reported is fixed in the latest version of
ruby-rack, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 913...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Lamb <la...@debian.org> (supplier of updated ruby-rack package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 21 Nov 2018 14:58:29 +0100
Source: ruby-rack
Binary: ruby-rack
Built-For-Profiles: nocheck
Architecture: source all
Version: 2.0.5-2
Distribution: experimental
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Chris Lamb <la...@debian.org>
Description:
 ruby-rack  - modular Ruby webserver interface
Closes: 913005
Changes:
 ruby-rack (2.0.5-2) experimental; urgency=medium
 .
   * CVE-2018-16471: Prevent a possible XSS vulnerability where a malicious
     request could impact the HTTP/HTTPS scheme returned to the underlying
     application. (Closes: #913005)
   * debian/control:
     - Add myself to Uploaders.
     - Bump Standards-Version to 4.2.1.
     - wrap-and-sort -sa.
   * Drop trailing whitespace in debian/changelog.
   * Use HTTPS URI in debian/copyright.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
_______________________________________________
Pkg-ruby-extras-maintainers mailing list
Pkg-ruby-extras-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
