[DRE-maint] Bug#882034: marked as done (ruby-redis-store: CVE-2017-1000248)
Your message dated Fri, 02 Mar 2018 22:47:17 +
with message-id
and subject line Bug#882034: fixed in ruby-redis-store 1.1.6-1+deb9u1
has caused the Debian Bug report #882034,
regarding ruby-redis-store: CVE-2017-1000248
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
882034: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882034
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Source: ruby-redis-store
Version: 1.1.6-1
Severity: grave
Tags: patch security upstream
Forwarded: https://github.com/redis-store/redis-store/issues/289
Control: found -1 1.3.0-1

Hi,

the following vulnerability was published for ruby-redis-store.

CVE-2017-1000248[0]:
| Redis-store =v1.3.0 allows unsafe objects to be loaded from redis

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-1000248
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000248
[1] https://github.com/redis-store/redis-store/issues/289

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ruby-redis-store
Source-Version: 1.1.6-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
ruby-redis-store, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 882...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Cédric Boutillier (supplier of updated ruby-redis-store package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Fri, 01 Dec 2017 17:22:29 +0100
Source: ruby-redis-store
Binary: ruby-redis-store
Architecture: source
Version: 1.1.6-1+deb9u1
Distribution: stretch
Urgency: high
Maintainer: Debian Ruby Extras Maintainers
Changed-By: Cédric Boutillier
Description:
 ruby-redis-store - redis stores for Ruby frameworks
Closes: 882034
Changes:
 ruby-redis-store (1.1.6-1+deb9u1) stretch; urgency=high
 .
   * Team upload
   * Add upstream patch to fix CVE-2017-1000248, allowing unsafe objects to
     be loaded from redis (Closes: #882034)
--- End Message ---
___
Pkg-ruby-extras-maintainers mailing list
Pkg-ruby-extras-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers

[DRE-maint] Bug#882034: marked as done (ruby-redis-store: CVE-2017-1000248)
Your message dated Wed, 29 Nov 2017 10:05:12 +
with message-id
and subject line Bug#882034: fixed in ruby-redis-store 1.1.6-2
has caused the Debian Bug report #882034,
regarding ruby-redis-store: CVE-2017-1000248
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
882034: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882034
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Source: ruby-redis-store
Version: 1.1.6-1
Severity: grave
Tags: patch security upstream
Forwarded: https://github.com/redis-store/redis-store/issues/289
Control: found -1 1.3.0-1

Hi,

the following vulnerability was published for ruby-redis-store.

CVE-2017-1000248[0]:
| Redis-store =v1.3.0 allows unsafe objects to be loaded from redis

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-1000248
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000248
[1] https://github.com/redis-store/redis-store/issues/289

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ruby-redis-store
Source-Version: 1.1.6-2

We believe that the bug you reported is fixed in the latest version of
ruby-redis-store, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 882...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Cédric Boutillier (supplier of updated ruby-redis-store package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Wed, 29 Nov 2017 10:09:20 +0100
Source: ruby-redis-store
Binary: ruby-redis-store
Architecture: source
Version: 1.1.6-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers
Changed-By: Cédric Boutillier
Description:
 ruby-redis-store - redis stores for Ruby frameworks
Closes: 882034
Changes:
 ruby-redis-store (1.1.6-2) unstable; urgency=medium
 .
   * Team upload
   * Gpb configuration for unstable
   * Add upstream patch to fix CVE-2017-1000248, allowing unsafe objects to
     be loaded from redis (Closes: #882034)
   * Use https:// in Vcs-* fields
   * Bump Standards-Version to 4.1.1 (no changes needed)
   * Bump debhelper compatibility level to 10
--- End Message ---

[DRE-maint] Bug#882034: marked as done (ruby-redis-store: CVE-2017-1000248)
Your message dated Wed, 29 Nov 2017 07:34:00 +
with message-id
and subject line Bug#882034: fixed in ruby-redis-store 1.3.0-2
has caused the Debian Bug report #882034,
regarding ruby-redis-store: CVE-2017-1000248
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
882034: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882034
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Source: ruby-redis-store
Version: 1.1.6-1
Severity: grave
Tags: patch security upstream
Forwarded: https://github.com/redis-store/redis-store/issues/289
Control: found -1 1.3.0-1

Hi,

the following vulnerability was published for ruby-redis-store.

CVE-2017-1000248[0]:
| Redis-store =v1.3.0 allows unsafe objects to be loaded from redis

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-1000248
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000248
[1] https://github.com/redis-store/redis-store/issues/289

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ruby-redis-store
Source-Version: 1.3.0-2

We believe that the bug you reported is fixed in the latest version of
ruby-redis-store, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 882...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Cédric Boutillier (supplier of updated ruby-redis-store package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Wed, 29 Nov 2017 00:36:16 +0100
Source: ruby-redis-store
Binary: ruby-redis-store
Architecture: source
Version: 1.3.0-2
Distribution: experimental
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers
Changed-By: Cédric Boutillier
Description:
 ruby-redis-store - redis stores for Ruby frameworks
Closes: 882034
Changes:
 ruby-redis-store (1.3.0-2) experimental; urgency=medium
 .
   * Team upload
   * Import patch from upstream
     + fixes [CVE-2017-1000248] allowing unsafe objects to be loaded from
       redis
     + (Closes: #882034)
--- End Message ---