Package: ruby-passenger Version: 4.0.53-1 Severity: important Tags: security upstream patch
Hi, The following vulnerability was published for passenger and fixed in Squeeze and Stretch. It has not been fixed in Jessie nor Wheezy as the source package differ, hence this report. https://security-tracker.debian.org/tracker/CVE-2015-7519 Header overwriting issue If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: https://security-tracker.debian.org/tracker/CVE-2015-7519 https://bugzilla.suse.com/show_bug.cgi?id=956281 https://github.com/phusion/passenger/commit/ddb8ecc4ebf260e4967f57f271d4f5761abeac3e https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807354 Cheers, Loic -- System Information: Debian Release: 8.8 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.10.0-22-generic Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Init: unable to detect Versions of packages ruby-passenger depends on: ii libc6 2.19-18+deb8u9 ii libcurl3 7.38.0-4+deb8u5 ii libev4 1:4.15-3 ii libgcc1 1:4.9.2-10 ii libjsoncpp0 0.6.0~rc2-3.1 ii libruby2.1 2.1.5-2+deb8u3 ii libstdc++6 4.9.2-10 ii ruby 1:2.1.5+deb8u2 ii ruby-rack 1.5.2-3+deb8u1 ii zlib1g 1:1.2.8.dfsg-2+b1 ruby-passenger recommends no packages. Versions of packages ruby-passenger suggests: pn nodejs <none> ii python 2.7.9-1 pn rails <none> pn ruby-passenger-doc <none> -- no debconf information
