Bug#698440: [DRE-maint] Bug#698440: ruby-rack: CVE-2012-6109 CVE-2013-0184 CVE-2013-0183

2013-01-26 Thread Youhei SASAKI

Hi, 

At 22 Jan 2013 08:36:22 +0900,
"Nobuhiro Iwamatsu" wrote:
> 
> Looks good to me.

Thank you for your review. I'll upload it.

> > BTW, I don't know whether these issues affect stable packages,
> > librack-ruby{,1.8,1.9.1}, ver. 1.1.0-4.
> 
> I seem to need 0003-Reimplement-auth-scheme-fix.patch.
> Please consult the security team about this.

Ok.

Best Wishes,
Youhei

- ---
Youhei SASAKI 
  
GPG fingerprint:
  4096/RSA: 66A4 EA70 4FE2 4055 8D6A C2E6 9394 F354 891D 7E07


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org



Bug#698440: [DRE-maint] Bug#698440: ruby-rack: CVE-2012-6109 CVE-2013-0184 CVE-2013-0183

2013-01-21 Thread Nobuhiro Iwamatsu
Hi,

On Sun, Jan 20, 2013 at 6:13 AM, Youhei SASAKI wrote:
> Dear team member:
> (Cc: BTS, security team)
>
> I created cherry-picked patches from upstream in order to fix these CVE
> issues and committed them to the team git repository. Please review for upload.

Looks good to me.

>
>   Vcs-Git: git://git.debian.org/pkg-ruby-extras/ruby-rack.git
>   Vcs-Browser: http://git.debian.org/?p=pkg-ruby-extras/ruby-rack.git;a=summary
>
> BTW, I don't know whether these issues affect stable packages,
> librack-ruby{,1.8,1.9.1}, ver. 1.1.0-4.

I seem to need 0003-Reimplement-auth-scheme-fix.patch.
Please consult the security team about this.

>
> # We have dropped them from SVN repos. Thus we should import them into
> # team Git repos.
>
> P.S. Thanks Moritz!
>
> At 18 Jan 2013 15:55:23 +0100,
> "Moritz Muehlenhoff" wrote:
>>
>> Package: ruby-rack
>> Severity: grave
>> Tags: security
>> Justification: user security hole
>>
>> Please see these links for details:
>> http://seclists.org/oss-sec/2013/q1/80
>> http://seclists.org/oss-sec/2013/q1/83
>>
>
> Best Wishes,
> - ---
> Youhei SASAKI 
>   
> GPG fingerprint:
>   4096/RSA: 66A4 EA70 4FE2 4055 8D6A C2E6 9394 F354 891D 7E07

Best regards,
  Nobuhiro

-- 
Nobuhiro Iwamatsu
   iwamatsu at {nigauri.org / debian.org}
   GPG ID: 40AD1FA6





Bug#698440: [DRE-maint] Bug#698440: ruby-rack: CVE-2012-6109 CVE-2013-0184 CVE-2013-0183

2013-01-19 Thread Youhei SASAKI

Dear team member:
(Cc: BTS, security team)

I created cherry-picked patches from upstream in order to fix these CVE
issues and committed them to the team git repository. Please review for upload.

  Vcs-Git: git://git.debian.org/pkg-ruby-extras/ruby-rack.git
  Vcs-Browser: http://git.debian.org/?p=pkg-ruby-extras/ruby-rack.git;a=summary

BTW, I don't know whether these issues affect stable packages,
librack-ruby{,1.8,1.9.1}, ver. 1.1.0-4.

# We have dropped them from SVN repos. Thus we should import them into
# team Git repos.

P.S. Thanks Moritz!

At 18 Jan 2013 15:55:23 +0100,
"Moritz Muehlenhoff" wrote:
>
> Package: ruby-rack
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Please see these links for details:
> http://seclists.org/oss-sec/2013/q1/80
> http://seclists.org/oss-sec/2013/q1/83
>

Best Wishes,
- ---
Youhei SASAKI 
  
GPG fingerprint:
  4096/RSA: 66A4 EA70 4FE2 4055 8D6A C2E6 9394 F354 891D 7E07

