Your message dated Sat, 13 Jun 2009 15:38:40 +0000
with message-id <e1mfvjy-00065f...@ries.debian.org>
and subject line Bug#532689: fixed in ruby1.8 1.8.7.173-1
has caused the Debian Bug report #532689,
regarding DoS vulnerability in BigDecimal Ruby Library
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
532689: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532689
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ruby1.8
Version: 1.8.7.72-3
Severity: serious
Tags: BigDecimal ruby
This is a copy of the bug report at
https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/385436
A denial of service (DoS) vulnerability was found in the BigDecimal
standard library of Ruby. Conversion from BigDecimal objects into
Float numbers had a problem which enables attackers to effectively
cause segmentation faults.
Refer to the following URLs for complete information:
http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/
http://weblog.rubyonrails.org/2009/6/10/dos-vulnerability-in-ruby
Affected 1.8 series
* 1.8.6-p368 and all prior versions
* 1.8.7-p160 and all prior versions
All 1.9.1 versions are not affected by this issue.
--- End Message ---
--- Begin Message ---
Source: ruby1.8
Source-Version: 1.8.7.173-1
We believe that the bug you reported is fixed in the latest version of
ruby1.8, which is due to be installed in the Debian FTP archive:
irb1.8_1.8.7.173-1_all.deb
to pool/main/r/ruby1.8/irb1.8_1.8.7.173-1_all.deb
libdbm-ruby1.8_1.8.7.173-1_amd64.deb
to pool/main/r/ruby1.8/libdbm-ruby1.8_1.8.7.173-1_amd64.deb
libgdbm-ruby1.8_1.8.7.173-1_amd64.deb
to pool/main/r/ruby1.8/libgdbm-ruby1.8_1.8.7.173-1_amd64.deb
libopenssl-ruby1.8_1.8.7.173-1_amd64.deb
to pool/main/r/ruby1.8/libopenssl-ruby1.8_1.8.7.173-1_amd64.deb
libreadline-ruby1.8_1.8.7.173-1_amd64.deb
to pool/main/r/ruby1.8/libreadline-ruby1.8_1.8.7.173-1_amd64.deb
libruby1.8-dbg_1.8.7.173-1_amd64.deb
to pool/main/r/ruby1.8/libruby1.8-dbg_1.8.7.173-1_amd64.deb
libruby1.8_1.8.7.173-1_amd64.deb
to pool/main/r/ruby1.8/libruby1.8_1.8.7.173-1_amd64.deb
libtcltk-ruby1.8_1.8.7.173-1_amd64.deb
to pool/main/r/ruby1.8/libtcltk-ruby1.8_1.8.7.173-1_amd64.deb
rdoc1.8_1.8.7.173-1_all.deb
to pool/main/r/ruby1.8/rdoc1.8_1.8.7.173-1_all.deb
ri1.8_1.8.7.173-1_all.deb
to pool/main/r/ruby1.8/ri1.8_1.8.7.173-1_all.deb
ruby1.8-dev_1.8.7.173-1_amd64.deb
to pool/main/r/ruby1.8/ruby1.8-dev_1.8.7.173-1_amd64.deb
ruby1.8-elisp_1.8.7.173-1_all.deb
to pool/main/r/ruby1.8/ruby1.8-elisp_1.8.7.173-1_all.deb
ruby1.8-examples_1.8.7.173-1_all.deb
to pool/main/r/ruby1.8/ruby1.8-examples_1.8.7.173-1_all.deb
ruby1.8_1.8.7.173-1.diff.gz
to pool/main/r/ruby1.8/ruby1.8_1.8.7.173-1.diff.gz
ruby1.8_1.8.7.173-1.dsc
to pool/main/r/ruby1.8/ruby1.8_1.8.7.173-1.dsc
ruby1.8_1.8.7.173-1_amd64.deb
to pool/main/r/ruby1.8/ruby1.8_1.8.7.173-1_amd64.deb
ruby1.8_1.8.7.173.orig.tar.gz
to pool/main/r/ruby1.8/ruby1.8_1.8.7.173.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 532...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daigo Moriwaki <da...@debian.org> (supplier of updated ruby1.8 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 13 Jun 2009 11:34:34 +0900
Source: ruby1.8
Binary: ruby1.8 libruby1.8 libruby1.8-dbg ruby1.8-dev libdbm-ruby1.8
libgdbm-ruby1.8 libreadline-ruby1.8 libtcltk-ruby1.8 libopenssl-ruby1.8
ruby1.8-examples ruby1.8-elisp ri1.8 rdoc1.8 irb1.8
Architecture: source all amd64
Version: 1.8.7.173-1
Distribution: unstable
Urgency: high
Maintainer: akira yamada <ak...@debian.org>
Changed-By: Daigo Moriwaki <da...@debian.org>
Description:
irb1.8 - Interactive Ruby (for Ruby 1.8)
libdbm-ruby1.8 - DBM interface for Ruby 1.8
libgdbm-ruby1.8 - GDBM interface for Ruby 1.8
libopenssl-ruby1.8 - OpenSSL interface for Ruby 1.8
libreadline-ruby1.8 - Readline interface for Ruby 1.8
libruby1.8 - Libraries necessary to run Ruby 1.8
libruby1.8-dbg - Debugging symbols for Ruby 1.8
libtcltk-ruby1.8 - Tcl/Tk interface for Ruby 1.8
rdoc1.8 - Generate documentation from Ruby source files (for Ruby 1.8)
ri1.8 - Ruby Interactive reference (for Ruby 1.8)
ruby1.8 - Interpreter of object-oriented scripting language Ruby 1.8
ruby1.8-dev - Header files for compiling extension modules for the Ruby 1.8
ruby1.8-elisp - ruby-mode for Emacsen
ruby1.8-examples - Examples for Ruby 1.8
Closes: 532689
Changes:
ruby1.8 (1.8.7.173-1) unstable; urgency=high
.
* New upstream release.
* removed unnecessary patches under debian/patches:
- 168_rexml_dos.dpatch
- 801_update_sample_README
- 807_sync_try_lock_always_fail.dpatch
- 905_class_dup_should_copy_constants.dpatch
- 090301_r22646_OCSP_basic_verify.dpatch
* Added a patch: debian/patches/090613_exclude_rdoc.dpatch
* Added debian/libopenssl-ruby1.8.lintian-overrides
* The upstream has fixed the DoS vulnerability in BigDecimal Ruby
Library (CVE-2009-1904; Closes: #532689)
* debian/control:
- Bumped up Standards-Version to 3.8.1.
- Corrected sections.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---