Processed: Re: Bug#487432 closed by Lucas Nussbaum [EMAIL PROTECTED] (Re: Bug#487238: ruby1.8: Arbitrary code execution vulnerability and so on)

2008-07-11 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

> reopen 487432
Bug#487432: Missing files to build the examples
'reopen' may be inappropriate when a bug has been closed with a version;
you may need to use 'found' to remove fixed versions.
Bug reopened, originator not changed.

> notfixed 487432 1.9.0.2-2
Bug#487432: Missing files to build the examples
Bug no longer marked as fixed in version 1.9.0.2-2.

> close 488432 1.9.0.2-2
Bug#488432: ruby1.8: Arbitrary code execution vulnerability and so on
'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing.
Bug marked as fixed in version 1.9.0.2-2, send any further explanations to 
Daigo Moriwaki [EMAIL PROTECTED]

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Bug#488432: Bug#487432 closed by Lucas Nussbaum [EMAIL PROTECTED] (Re: Bug#487238: ruby1.8: Arbitrary code execution vulnerability and so on)

2008-07-11 Thread Lucas Nussbaum
reopen 487432
notfixed 487432 1.9.0.2-2
close 488432 1.9.0.2-2
thanks

On 11/07/08 at 06:38 +, Debian Bug Tracking System wrote:
 
> This is an automatic notification regarding your Bug report
> which was filed against the texpower package:
>
> #487432: Missing files to build the examples

Gasp. Wrong bug.
-- 
| Lucas Nussbaum
| [EMAIL PROTECTED]   http://www.lucas-nussbaum.net/ |
| jabber: [EMAIL PROTECTED] GPG: 1024D/023B3F4F |






Bug#487238: ruby1.8: Arbitrary code execution vulnerability, and so on

2008-07-10 Thread Michelle Konzack
On 2008-07-04 08:34:03, timdau wrote:
> 15 days later, still no patch.
 END OF REPLIED MESSAGE 

What about writing and submitting one?

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
24V Electronic Engineer
Tamay Dogan Network
Debian GNU/Linux Consultant


-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
# Debian GNU/Linux Consultant #
Michelle Konzack   Apt. 917  ICQ #328449886
+49/177/935194750, rue de Soultz MSN LinuxMichi
+33/6/61925193 67100 Strasbourg/France   IRC #Debian (irc.icq.com)




Bug#487238: ruby1.8: Arbitrary code execution vulnerability, and so on

2008-07-04 Thread timdau
15 days later, still no patch.


Bug#487238: ruby1.8: Arbitrary code execution vulnerability, and so on

2008-06-30 Thread Stephen Young
Is there a plan to resolve this security problem in Etch, or should I 
start looking for alternative solutions?  I would like to aptitude 
update && aptitude upgrade and make this problem go away, but if that 
is not going to happen then I would like to know this so I can start 
looking for a different solution.







Processed: Re: Bug#487238: ruby1.8: Arbitrary code execution vulnerability and so on

2008-06-28 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

> clone 487238 -1
Bug#487238: ruby1.8: Arbitrary code execution vulnerability and so on
Bug 487238 cloned as bug 488432.

> reassign -1 ruby1.9 1.9.0.1-1
Bug#488432: ruby1.8: Arbitrary code execution vulnerability and so on
Bug reassigned from package `ruby1.8' to `ruby1.9'.

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#487238: ruby1.8: Arbitrary code execution vulnerability and so on

2008-06-28 Thread Lucas Nussbaum
clone 487238 -1
reassign -1 ruby1.9 1.9.0.1-1
thanks

On 20/06/08 at 22:52 +0900, Daigo Moriwaki wrote:
> The upstream has announced multiple vulnerabilities in Ruby. They may lead
> to a denial of service (DoS) condition or allow execution of arbitrary code.
>   * CVE-2008-2662
>   * CVE-2008-2663
>   * CVE-2008-2725
>   * CVE-2008-2726
>   * CVE-2008-2727
>   * CVE-2008-2728
>   * CVE-2008-2664

OK, I think that the current status on this issue is the following:

1.8.7.22-1 (in unstable) apparently fixed the problem.

1.8.7-2 (in testing) is NOT FIXED. Release team, please let the unstable
version migrate to testing.

1.8.5-4etch1 (in etch) is still not fixed. I don't think that a patch
that only fixes this issue exists.

Ruby 1.9: (there wasn't any bug filed, I cloned this one)
1.9.0.2 should be fixed, but that version FTBFS on most arches. (see
#488362)
-- 
| Lucas Nussbaum
| [EMAIL PROTECTED]   http://www.lucas-nussbaum.net/ |
| jabber: [EMAIL PROTECTED] GPG: 1024D/023B3F4F |






Bug#487238: ruby1.8: Arbitrary code execution vulnerability and so on

2008-06-28 Thread Lucas Nussbaum
On 28/06/08 at 22:54 +0200, Lucas Nussbaum wrote:
> 1.8.5-4etch1 (in etch) is still not fixed. I don't think that a patch
> that only fixes this issue exists.

Mmmh, Ubuntu has a fixed package, which can be downloaded from
https://launchpad.net/ubuntu/+source/ruby1.8/1.8.5-4ubuntu2.2 . But
someone still has to check if the fix is correct...
-- 
| Lucas Nussbaum
| [EMAIL PROTECTED]   http://www.lucas-nussbaum.net/ |
| jabber: [EMAIL PROTECTED] GPG: 1024D/023B3F4F |






Bug#487238: ruby1.8: Arbitrary code execution vulnerability and so on

2008-06-25 Thread Laurent Bonnaud
Hi,

this bug has been fixed by an upload for amd64.  But for other
architectures (including i386) the fixed version is not available yet
and systems remain vulnerable.  Could somebody please fix this?

-- 
Laurent Bonnaud.
http://www.lis.inpg.fr/pages_perso/bonnaud/








Bug#487238: ruby1.8: Arbitrary code execution vulnerability and so on

2008-06-25 Thread Lucas Nussbaum
On 25/06/08 at 19:14 +0200, Laurent Bonnaud wrote:
> Hi,
>
> this bug has been fixed by an upload for amd64.  But for other
> architectures (including i386) the fixed version is not available yet
> and systems remain vulnerable.  Could somebody please fix this?

It was built everywhere except alpha, but the i386 build wasn't
uploaded. i386 buildd admin, can you upload ruby1.8 1.8.7.22-1 ?

Thank you,
-- 
| Lucas Nussbaum
| [EMAIL PROTECTED]   http://www.lucas-nussbaum.net/ |
| jabber: [EMAIL PROTECTED] GPG: 1024D/023B3F4F |






Bug#487238: ruby1.8: Arbitrary code execution vulnerability and so on

2008-06-20 Thread Daigo Moriwaki
Package: ruby1.8
Version: 1.8.6.114-2
Severity: grave
Tags: security
Justification: user security hole


The upstream has announced multiple vulnerabilities in Ruby. They may lead
to a denial of service (DoS) condition or allow execution of arbitrary code.
  * CVE-2008-2662
  * CVE-2008-2663
  * CVE-2008-2725
  * CVE-2008-2726
  * CVE-2008-2727
  * CVE-2008-2728
  * CVE-2008-2664

Vulnerable versions

1.8 series
  * 1.8.4 and all prior versions
  * 1.8.5-p230 and all prior versions
  * 1.8.6-p229 and all prior versions
  * 1.8.7-p21 and all prior versions

1.9 series
  * 1.9.0-1 and all prior versions

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable'), (90, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-1-686 (SMP w/2 CPU cores)
Locale: LANG=ja_JP.eucJP, LC_CTYPE=ja_JP.eucJP (charmap=EUC-JP)
Shell: /bin/sh linked to /bin/bash

Versions of packages ruby1.8 depends on:
ii  libc6       2.7-10       GNU C Library: Shared libraries
ii  libruby1.8  1.8.6.114-2  Libraries necessary to run Ruby 1.

ruby1.8 recommends no packages.

-- no debconf information






Processed: Bug#487238: ruby1.8: Arbitrary code execution vulnerability and so on

2008-06-20 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

> tags 487238 + etch
Bug#487238: ruby1.8: Arbitrary code execution vulnerability and so on
Tags were: security
Tags added: etch

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)

