[DRE-maint] Bug#882034: marked as done (ruby-redis-store: CVE-2017-1000248)

2018-03-02 Thread Debian Bug Tracking System 
Your message dated Fri, 02 Mar 2018 22:47:17 +
with message-id 
and subject line Bug#882034: fixed in ruby-redis-store 1.1.6-1+deb9u1
has caused the Debian Bug report #882034,
regarding ruby-redis-store: CVE-2017-1000248
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
882034: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882034
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ruby-redis-store
Version: 1.1.6-1
Severity: grave
Tags: patch security upstream
Forwarded: https://github.com/redis-store/redis-store/issues/289
Control: found -1 1.3.0-1

Hi,

the following vulnerability was published for ruby-redis-store.

CVE-2017-1000248[0]:
| Redis-store =v1.3.0 allows unsafe objects to be loaded from redis

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-1000248
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000248
[1] https://github.com/redis-store/redis-store/issues/289

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ruby-redis-store
Source-Version: 1.1.6-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
ruby-redis-store, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 882...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Cédric Boutillier  (supplier of updated ruby-redis-store 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 01 Dec 2017 17:22:29 +0100
Source: ruby-redis-store
Binary: ruby-redis-store
Architecture: source
Version: 1.1.6-1+deb9u1
Distribution: stretch
Urgency: high
Maintainer: Debian Ruby Extras Maintainers 

Changed-By: Cédric Boutillier 
Description:
 ruby-redis-store - redis stores for Ruby frameworks
Closes: 882034
Changes:
 ruby-redis-store (1.1.6-1+deb9u1) stretch; urgency=high
 .
   * Team upload
   * Add upstream patch to fix CVE-2017-1000248, allowing unsafe objects to be
 loaded from redis (Closes: #882034)
Checksums-Sha1:
 4567080e54a3504025b13560045f78d66da62734 1863 
ruby-redis-store_1.1.6-1+deb9u1.dsc
 a52462c2cbce69022fe4a5724059431a0fa89c47 6436 
ruby-redis-store_1.1.6-1+deb9u1.debian.tar.xz
 b8a6b0e807a023650f88ef5feb93577f6b65bbe6 6719 
ruby-redis-store_1.1.6-1+deb9u1_amd64.buildinfo
Checksums-Sha256:
 3c56ca31d0c105953252c63a3caac2bfd0479fb109677a3c0f19a8a80b28af28 1863 
ruby-redis-store_1.1.6-1+deb9u1.dsc
 ac0a0941fd8f9b661dca1f4bf223f2a927e43b658a4a83751afab532136b4070 6436 
ruby-redis-store_1.1.6-1+deb9u1.debian.tar.xz
 27539d4a8efba972097e5b4ea13f84a58b8121b35a040928bcb05420094c934f 6719 
ruby-redis-store_1.1.6-1+deb9u1_amd64.buildinfo
Files:
 c09005074842c9c3632a577a4ccf738c 1863 ruby optional 
ruby-redis-store_1.1.6-1+deb9u1.dsc
 4ae707e48b4e95f08297192ed0c0a027 6436 ruby optional 
ruby-redis-store_1.1.6-1+deb9u1.debian.tar.xz
 0423f7da800cfb6684632216663e74ef 6719 ruby optional 
ruby-redis-store_1.1.6-1+deb9u1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCgAdFiEEnM1rMZ2/jkCrGr0aia+CtznNIXoFAlqY94cACgkQia+CtznN
IXqZTQf+PY5q2f6HO40oQt0WTFJvuT9F+eF1X4OFu6MjwKniP9xiuhUmE+qu/W58
nV8yssYetGW2WDZ4t+FSLOD8EqPDrJGOsc9v+8dOIxVzimQz4Q6f2BF/S74owZVM
bJKXSwiGJw4lukCsyjhV4ILx3E31byPxVD3GDXzMczo4BlnV2/JsaEvXjyc2Y80c
7MvClbMU20HZliyxVtV5mUn+1lljFugzW+hqtQgOugdHSsgS/motDceH/HM6NAJV
W8/CdOK5YNdEWAotLkvyrK6bJnJd+KC7OpyD3eSU//snMRLUTGxI6UJWv1OwUWYB
LaejPB+PgrFoSqhXaAcji2BN4U4vYw==
=tjtj
-END PGP SIGNATURE End Message ---
___
Pkg-ruby-extras-maintainers mailing list
Pkg-ruby-extras-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers

[DRE-maint] Bug#882034: marked as done (ruby-redis-store: CVE-2017-1000248)

2017-11-29 Thread Debian Bug Tracking System 
Your message dated Wed, 29 Nov 2017 10:05:12 +
with message-id 
and subject line Bug#882034: fixed in ruby-redis-store 1.1.6-2
has caused the Debian Bug report #882034,
regarding ruby-redis-store: CVE-2017-1000248
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
882034: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882034
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ruby-redis-store
Version: 1.1.6-1
Severity: grave
Tags: patch security upstream
Forwarded: https://github.com/redis-store/redis-store/issues/289
Control: found -1 1.3.0-1

Hi,

the following vulnerability was published for ruby-redis-store.

CVE-2017-1000248[0]:
| Redis-store =v1.3.0 allows unsafe objects to be loaded from redis

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-1000248
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000248
[1] https://github.com/redis-store/redis-store/issues/289

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ruby-redis-store
Source-Version: 1.1.6-2

We believe that the bug you reported is fixed in the latest version of
ruby-redis-store, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 882...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Cédric Boutillier  (supplier of updated ruby-redis-store 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 29 Nov 2017 10:09:20 +0100
Source: ruby-redis-store
Binary: ruby-redis-store
Architecture: source
Version: 1.1.6-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers 

Changed-By: Cédric Boutillier 
Description:
 ruby-redis-store - redis stores for Ruby frameworks
Closes: 882034
Changes:
 ruby-redis-store (1.1.6-2) unstable; urgency=medium
 .
   * Team upload
   * Gpb configuration for unstable
   * Add upstream patch to fix CVE-2017-1000248, allowing unsafe objects to be
 loaded from redis (Closes: #882034)
   * Use https:// in Vcs-* fields
   * Bump Standards-Version to 4.1.1 (no changes needed)
   * Bump debhelper compatibility level to 10
Checksums-Sha1:
 a6246a8acbd7492b44d3df2b904a2efc27009f1a 1822 ruby-redis-store_1.1.6-2.dsc
 d8890f6e4cdd99763fa81fd295091f7ee047a856 6456 
ruby-redis-store_1.1.6-2.debian.tar.xz
 4176cd930d5651d512818183d5ba94ccba3ae58f 6462 
ruby-redis-store_1.1.6-2_source.buildinfo
Checksums-Sha256:
 31625c73a492652652d756017f4f7dca8bb7a1b21df63ba4fd596a2a35dded68 1822 
ruby-redis-store_1.1.6-2.dsc
 01e8dbbb1b302fc8d30d1267b95c0f8f2e94271b5ec554b7679791017671a9e5 6456 
ruby-redis-store_1.1.6-2.debian.tar.xz
 8f580728e16d21ff57b6605bea76be27510f6a54675587fbcb1ed2e437bd6190 6462 
ruby-redis-store_1.1.6-2_source.buildinfo
Files:
 d2e4cb9654789a8960325cfb26d55d4c 1822 ruby optional 
ruby-redis-store_1.1.6-2.dsc
 44150e73b4b39e8974b126ddbe5caebc 6456 ruby optional 
ruby-redis-store_1.1.6-2.debian.tar.xz
 2b8e0e4c626105d2483be566d944f2ea 6462 ruby optional 
ruby-redis-store_1.1.6-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCgAdFiEEnM1rMZ2/jkCrGr0aia+CtznNIXoFAloegBUACgkQia+CtznN
IXoXYQf/er/2AeT1yBiCggDZYdYoBWdiRJ1BK0GOIl10FtefckyT+Q9nKV3BXQ3l
rVLiS4J0bWHyAuFL5eqDraZM5gv7wuNFbt66SnZorRopZLx8wK+7uHra/bAJc812
Jnr1HEo3yHU9a1AGEoFOIH7UytK/ULQdbRipYS86lKclO64seXHkji6AewnHpX/4
60AZeEzZa7pqtQrNMFnwsKs+b2BzXlDkY83OJnhf+eJaOD9NAn9jwCAgP6PNluJl
PmB70Mf4pUuq/jCVy+ra0EQCtuFMflMP0iDlWWeBgQP1JC0pv1jovaT3pbGmKGZ/
gqQiEsa023Df6g5ZP/B+bqHzh67ZiA==
=WYFf
-END PGP SIGNATURE End Message ---
___
Pkg-ruby-extras-maintainers mailing list
Pkg-ruby-extras-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers

[DRE-maint] Bug#882034: marked as done (ruby-redis-store: CVE-2017-1000248)

2017-11-28 Thread Debian Bug Tracking System 
Your message dated Wed, 29 Nov 2017 07:34:00 +
with message-id 
and subject line Bug#882034: fixed in ruby-redis-store 1.3.0-2
has caused the Debian Bug report #882034,
regarding ruby-redis-store: CVE-2017-1000248
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
882034: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882034
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ruby-redis-store
Version: 1.1.6-1
Severity: grave
Tags: patch security upstream
Forwarded: https://github.com/redis-store/redis-store/issues/289
Control: found -1 1.3.0-1

Hi,

the following vulnerability was published for ruby-redis-store.

CVE-2017-1000248[0]:
| Redis-store =v1.3.0 allows unsafe objects to be loaded from redis

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-1000248
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000248
[1] https://github.com/redis-store/redis-store/issues/289

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ruby-redis-store
Source-Version: 1.3.0-2

We believe that the bug you reported is fixed in the latest version of
ruby-redis-store, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 882...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Cédric Boutillier  (supplier of updated ruby-redis-store 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 29 Nov 2017 00:36:16 +0100
Source: ruby-redis-store
Binary: ruby-redis-store
Architecture: source
Version: 1.3.0-2
Distribution: experimental
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers 

Changed-By: Cédric Boutillier 
Description:
 ruby-redis-store - redis stores for Ruby frameworks
Closes: 882034
Changes:
 ruby-redis-store (1.3.0-2) experimental; urgency=medium
 .
   * Team upload
   * Import patch from upstream
 + fixes [CVE-2017-1000248] allowing unsafe objects to be loaded from redis
 + (Closes: #882034)
Checksums-Sha1:
 d11b4da0b09067880e2e176607cf8eba24be98ee 1822 ruby-redis-store_1.3.0-2.dsc
 da22be3cb7d3c3452dd6992d6579f216978163e8 6928 
ruby-redis-store_1.3.0-2.debian.tar.xz
 23c00166fc1b855d31587a865c326166b9897380 6462 
ruby-redis-store_1.3.0-2_source.buildinfo
Checksums-Sha256:
 0b73e69d3303cb9012ab4c58eeccc5a20fb2f6009c6d0ed2f36967a9a3eeac22 1822 
ruby-redis-store_1.3.0-2.dsc
 250b65e8149dfbd250f6ca932bdbb698c3407faf4d94844f5bfc78c0499b6b27 6928 
ruby-redis-store_1.3.0-2.debian.tar.xz
 affbce6361b07f143df7575839fd75a91157475642a7a0006ca8bdd66f7283e5 6462 
ruby-redis-store_1.3.0-2_source.buildinfo
Files:
 e58918a4f38ac3987c7a36184a9d4458 1822 ruby optional 
ruby-redis-store_1.3.0-2.dsc
 b452076d28964bb870b17bb7c3d409ca 6928 ruby optional 
ruby-redis-store_1.3.0-2.debian.tar.xz
 a4bed16ddb4793619e41804825dc4121 6462 ruby optional 
ruby-redis-store_1.3.0-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCgAdFiEEnM1rMZ2/jkCrGr0aia+CtznNIXoFAloeXa4ACgkQia+CtznN
IXrfEwf/WuPUV0sM0AoB7yM4igBUbomNMDvpcnMyA/xEFendH1IbRw9rnl1uZTeT
Ox68ENX+pAbACwxhDZVBtXFiWd38KQVenDgJxksNjvt/Ar9SPcPUbDO8Ps84j/Bb
qfYXcNsXdY3wCfTC86EOkwag6L7TUUX5aX9EZ09+ULQr8TiRq8kxk5DjI6/N8c9b
HOv3FqqIx40YfetcFgqyEbGnb1qNAaLKmoA8RxS67SzNoCKcaWyeDc3ReXCqc1YF
WVOnwVa7/wcoVhJm42ecjWjD1w5aUG3j0Fk/EcdC4G7FaUkM32X/Wn32GJfv1Dou
NczA523W/Em8HK4GjwzQg4YXItbKXQ==
=iNxd
-END PGP SIGNATURE End Message ---
___
Pkg-ruby-extras-maintainers mailing list
Pkg-ruby-extras-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers