Bug#698440: [DRE-maint] Bug#698440: ruby-rack: CVE-2012-6109 CVE-2013-0184 CVE-2013-0183
Hi,

At 22 Jan 2013 08:36:22 +0900,
"Nobuhiro Iwamatsu" wrote:
> Looks good to me.

Thank you for your review. I'll upload it.

> > BTW, I don't know these issues affect stable packages,
> > librack-ruby{,1.8,1.9.1}, ver. 1.1.0-4.
>
> I seem to need 0003-Reimplement-auth-scheme-fix.patch.
> Please consult about this to security team.

Ok.

Best Wishes,
Youhei
- ---
Youhei SASAKI
GPG fingerprint:
  4096/RSA: 66A4 EA70 4FE2 4055 8D6A C2E6 9394 F354 891D 7E07

--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#698440: [DRE-maint] Bug#698440: ruby-rack: CVE-2012-6109 CVE-2013-0184 CVE-2013-0183
Hi,

On Sun, Jan 20, 2013 at 6:13 AM, Youhei SASAKI wrote:
> Dear team member:
> (Cc: BTS, security team)
>
> I created cherry-picked patches from upstream, in order to fix these CVE
> issues and commit team git repository. Please review for upload.

Looks good to me.

> Vcs-Git: git://git.debian.org/pkg-ruby-extras/ruby-rack.git
> Vcs-Browser:
> http://git.debian.org/?p=pkg-ruby-extras/ruby-rack.git;a=summary
>
> BTW, I don't know these issues affect stable packages,
> librack-ruby{,1.8,1.9.1}, ver. 1.1.0-4.

I seem to need 0003-Reimplement-auth-scheme-fix.patch.
Please consult about this to security team.

> # We have dropped them from SVN repos. Thus we should import them into
> # team Git repos.
>
> P.S. Thanks Moritz!
>
> At 18 Jan 2013 15:55:23 +0100,
> "Moritz Muehlenhoff" wrote:
>>
>> Package: ruby-rack
>> Severity: grave
>> Tags: security
>> Justification: user security hole
>>
>> Please see these links for details:
>> http://seclists.org/oss-sec/2013/q1/80
>> http://seclists.org/oss-sec/2013/q1/83
>
> Best Wishes,
> - ---
> Youhei SASAKI
>
> GPG fingerprint:
> 4096/RSA: 66A4 EA70 4FE2 4055 8D6A C2E6 9394 F354 891D 7E07

Best regards,
  Nobuhiro

--
Nobuhiro Iwamatsu
   iwamatsu at {nigauri.org / debian.org}
   GPG ID: 40AD1FA6

Bug#698440: [DRE-maint] Bug#698440: ruby-rack: CVE-2012-6109 CVE-2013-0184 CVE-2013-0183
Dear team member:
(Cc: BTS, security team)

I created cherry-picked patches from upstream, in order to fix these CVE
issues and commit team git repository. Please review for upload.

Vcs-Git: git://git.debian.org/pkg-ruby-extras/ruby-rack.git
Vcs-Browser: http://git.debian.org/?p=pkg-ruby-extras/ruby-rack.git;a=summary

BTW, I don't know these issues affect stable packages,
librack-ruby{,1.8,1.9.1}, ver. 1.1.0-4.

# We have dropped them from SVN repos. Thus we should import them into
# team Git repos.

P.S. Thanks Moritz!

At 18 Jan 2013 15:55:23 +0100,
"Moritz Muehlenhoff" wrote:
>
> Package: ruby-rack
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Please see these links for details:
> http://seclists.org/oss-sec/2013/q1/80
> http://seclists.org/oss-sec/2013/q1/83
>

Best Wishes,
- ---
Youhei SASAKI
GPG fingerprint:
  4096/RSA: 66A4 EA70 4FE2 4055 8D6A C2E6 9394 F354 891D 7E07