Your message dated Mon, 03 Dec 2007 19:44:13 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#453689: fixed in ruby-gnome2 0.16.0-10
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: ruby-gnome2
Version: 0.12.0-2
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ruby-gnome2.

CVE-2007-6183[0]:
| Format string vulnerability in the mdiag_initialize function in
| gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN
| versions before 20071127, allows context-dependent attackers to execute
| arbitrary code via format string specifiers in the message parameter.

Until now this seems to be reserved, in the meantime check:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6183 instead of the mitre site.

A patch for this can be found on:
http://ruby-gnome2.svn.sourceforge.net/viewvc/ruby-gnome2/ruby-gnome2/trunk/gtk/src/rbgtkmessagedialog.c?r1=2275&r2=2720&view=patch

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6183

Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
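
The bug class named in the CVE text above, as an added example that is not part of the original mail and is not the ruby-gnome2 code or its patch. `dialog_text` is a hypothetical stand-in for a printf-style dialog constructor; all function names and the sample strings are constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style API (e.g. a message dialog
 * constructor): the displayed text is built from a format plus varargs. */
static int dialog_text(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int written = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return written;
}

/* Vulnerable pattern: caller-supplied text is used as the format itself.
 * Every conversion in `message` makes the formatter fetch a vararg that
 * was never passed. Only well-defined for text without conversions. */
int show_message_unsafe(char *out, size_t n, const char *message)
{
    return dialog_text(out, n, message);
}

/* Hardened pattern: constant format, untrusted text passed as data. */
int show_message_safe(char *out, size_t n, const char *message)
{
    return dialog_text(out, n, "%s", message);
}

/* Review aid: lower bound on the varargs a formatter would consume if `s`
 * were the format ("%%" consumes none; '*' widths would consume more). */
int conversions_consumed(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        count++;
    }
    return count;
}

int main(void)
{
    const char *msg = "Saved %s to %x";   /* constructed sample input */
    char buf[64];
    show_message_safe(buf, sizeof buf, msg);
    printf("conversions=%d safe=\"%s\"\n", conversions_consumed(msg), buf);
    return 0;
}
```

Building with `-Wformat -Wformat-security` flags the unsafe call shape when the real API carries a printf format attribute.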
--- Begin Message ---
Source: ruby-gnome2
Source-Version: 0.16.0-10
We believe that the bug you reported is fixed in the latest version of
ruby-gnome2, which is due to be installed in the Debian FTP archive:
libart2-ruby1.8_0.16.0-10_amd64.deb
to pool/main/r/ruby-gnome2/libart2-ruby1.8_0.16.0-10_amd64.deb
libart2-ruby_0.16.0-10_all.deb
to pool/main/r/ruby-gnome2/libart2-ruby_0.16.0-10_all.deb
libatk1-ruby1.8_0.16.0-10_amd64.deb
to pool/main/r/ruby-gnome2/libatk1-ruby1.8_0.16.0-10_amd64.deb
libatk1-ruby_0.16.0-10_all.deb
to pool/main/r/ruby-gnome2/libatk1-ruby_0.16.0-10_all.deb
libgconf2-ruby1.8_0.16.0-10_amd64.deb
to pool/main/r/ruby-gnome2/libgconf2-ruby1.8_0.16.0-10_amd64.deb
libgconf2-ruby_0.16.0-10_all.deb
to pool/main/r/ruby-gnome2/libgconf2-ruby_0.16.0-10_all.deb
libgdk-pixbuf2-ruby1.8_0.16.0-10_amd64.deb
to pool/main/r/ruby-gnome2/libgdk-pixbuf2-ruby1.8_0.16.0-10_amd64.deb
libgdk-pixbuf2-ruby_0.16.0-10_all.deb
to pool/main/r/ruby-gnome2/libgdk-pixbuf2-ruby_0.16.0-10_all.deb
libglade2-ruby1.8_0.16.0-10_amd64.deb
to pool/main/r/ruby-gnome2/libglade2-ruby1.8_0.16.0-10_amd64.deb
libglade2-ruby_0.16.0-10_all.deb
to pool/main/r/ruby-gnome2/libglade2-ruby_0.16.0-10_all.deb
libglib2-ruby1.8_0.16.0-10_amd64.deb
to pool/main/r/ruby-gnome2/libglib2-ruby1.8_0.16.0-10_amd64.deb
libglib2-ruby_0.16.0-10_all.deb
to pool/main/r/ruby-gnome2/libglib2-ruby_0.16.0-10_all.deb
libgnome2-ruby1.8_0.16.0-10_amd64.deb
to pool/main/r/ruby-gnome2/libgnome2-ruby1.8_0.16.0-10_amd64.deb
libgnome2-ruby_0.16.0-10_all.deb
to pool/main/r/ruby-gnome2/libgnome2-ruby_0.16.0-10_all.deb
libgnomecanvas2-ruby1.8_0.16.0-10_amd64.deb
to pool/main/r/ruby-gnome2/libgnomecanvas2-ruby1.8_0.16.0-10_amd64.deb
libgnomecanvas2-ruby_0.16.0-10_all.deb
to pool/main/r/ruby-gnome2/libgnomecanvas2-ruby_0.16.0-10_all.deb
libgnomeprint2-ruby1.8_0.16.0-10_amd64.deb
to pool/main/r/ruby-gnome2/libgnomeprint2-ruby1.8_0.16.0-10_amd64.deb
libgnomeprint2-ruby_0.16.0-10_all.deb
to pool/main/r/ruby-gnome2/libgnomeprint2-ruby_0.16.0-10_all.deb
libgnomeprintui2-ruby1.8_0.16.0-10_amd64.deb
to pool/main/r/ruby-gnome2/libgnomeprintui2-ruby1.8_0.16.0-10_amd64.deb
libgnomeprintui2-ruby_0.16.0-10_all.deb
to pool/main/r/ruby-gnome2/libgnomeprintui2-ruby_0.16.0-10_all.deb
libgnomevfs2-ruby1.8_0.16.0-10_amd64.deb
to pool/main/r/ruby-gnome2/libgnomevfs2-ruby1.8_0.16.0-10_amd64.deb
libgnomevfs2-ruby_0.16.0-10_all.deb
to pool/main/r/ruby-gnome2/libgnomevfs2-ruby_0.16.0-10_all.deb
libgtk-mozembed-ruby1.8_0.16.0-10_amd64.deb
to pool/main/r/ruby-gnome2/libgtk-mozembed-ruby1.8_0.16.0-10_amd64.deb
libgtk-mozembed-ruby_0.16.0-10_all.deb
to pool/main/r/ruby-gnome2/libgtk-mozembed-ruby_0.16.0-10_all.deb
libgtk2-ruby1.8_0.16.0-10_amd64.deb
to pool/main/r/ruby-gnome2/libgtk2-ruby1.8_0.16.0-10_amd64.deb
libgtk2-ruby_0.16.0-10_all.deb
to pool/main/r/ruby-gnome2/libgtk2-ruby_0.16.0-10_all.deb
libgtkglext1-ruby1.8_0.16.0-10_amd64.deb
to pool/main/r/ruby-gnome2/libgtkglext1-ruby1.8_0.16.0-10_amd64.deb
libgtkglext1-ruby_0.16.0-10_all.deb
to pool/main/r/ruby-gnome2/libgtkglext1-ruby_0.16.0-10_all.deb
libgtkhtml2-ruby1.8_0.16.0-10_amd64.deb
to pool/main/r/ruby-gnome2/libgtkhtml2-ruby1.8_0.16.0-10_amd64.deb
libgtkhtml2-ruby_0.16.0-10_all.deb
to pool/main/r/ruby-gnome2/libgtkhtml2-ruby_0.16.0-10_all.deb
libgtksourceview1-ruby1.8_0.16.0-10_amd64.deb
to pool/main/r/ruby-gnome2/libgtksourceview1-ruby1.8_0.16.0-10_amd64.deb
libgtksourceview1-ruby_0.16.0-10_all.deb
to pool/main/r/ruby-gnome2/libgtksourceview1-ruby_0.16.0-10_all.deb
libpanel-applet2-ruby1.8_0.16.0-10_amd64.deb
to pool/main/r/ruby-gnome2/libpanel-applet2-ruby1.8_0.16.0-10_amd64.deb
libpanel-applet2-ruby_0.16.0-10_all.deb
to pool/main/r/ruby-gnome2/libpanel-applet2-ruby_0.16.0-10_all.deb
libpango1-ruby1.8_0.16.0-10_amd64.deb
to pool/main/r/ruby-gnome2/libpango1-ruby1.8_0.16.0-10_amd64.deb
libpango1-ruby_0.16.0-10_all.deb
to pool/main/r/ruby-gnome2/libpango1-ruby_0.16.0-10_all.deb
libpoppler-glib-ruby1.8_0.16.0-10_amd64.deb
to pool/main/r/ruby-gnome2/libpoppler-glib-ruby1.8_0.16.0-10_amd64.deb
libpoppler-glib-ruby_0.16.0-10_all.deb
to pool/main/r/ruby-gnome2/libpoppler-glib-ruby_0.16.0-10_all.deb
librsvg2-ruby1.8_0.16.0-10_amd64.deb
to pool/main/r/ruby-gnome2/librsvg2-ruby1.8_0.16.0-10_amd64.deb
librsvg2-ruby_0.16.0-10_all.deb
to pool/main/r/ruby-gnome2/librsvg2-ruby_0.16.0-10_all.deb
libvte-ruby1.8_0.16.0-10_amd64.deb
to pool/main/r/ruby-gnome2/libvte-ruby1.8_0.16.0-10_amd64.deb
libvte-ruby_0.16.0-10_all.deb
to pool/main/r/ruby-gnome2/libvte-ruby_0.16.0-10_all.deb
ruby-gnome2_0.16.0-10.diff.gz
to pool/main/r/ruby-gnome2/ruby-gnome2_0.16.0-10.diff.gz
ruby-gnome2_0.16.0-10.dsc
to pool/main/r/ruby-gnome2/ruby-gnome2_0.16.0-10.dsc
ruby-gnome2_0.16.0-10_all.deb
to pool/main/r/ruby-gnome2/ruby-gnome2_0.16.0-10_all.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Arnaud Cornet <[EMAIL PROTECTED]> (supplier of updated ruby-gnome2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 30 Nov 2007 08:57:32 +0100
Source: ruby-gnome2
Binary: libpango1-ruby1.8 libatk1-ruby libgtk2-ruby1.8 libgnome2-ruby1.8
libpanel-applet2-ruby libgnomecanvas2-ruby1.8 libgnomecanvas2-ruby
libgdk-pixbuf2-ruby1.8 libglib2-ruby1.8 libglade2-ruby1.8 libglade2-ruby
libart2-ruby libpango1-ruby libgconf2-ruby libgtkglext1-ruby
libgtkhtml2-ruby1.8 libgtksourceview1-ruby1.8 libgconf2-ruby1.8
libgnomeprintui2-ruby1.8 libgtkhtml2-ruby libgtk-mozembed-ruby
libgtksourceview1-ruby libgnomevfs2-ruby ruby-gnome2 libgnomevfs2-ruby1.8
libgnome2-ruby libglib2-ruby libart2-ruby1.8 librsvg2-ruby
libpanel-applet2-ruby1.8 libgnomeprintui2-ruby libvte-ruby libgtk2-ruby
libgnomeprint2-ruby libvte-ruby1.8 librsvg2-ruby1.8 libgtk-mozembed-ruby1.8
libgdk-pixbuf2-ruby libatk1-ruby1.8 libpoppler-glib-ruby1.8
libpoppler-glib-ruby libgnomeprint2-ruby1.8 libgtkglext1-ruby1.8
Architecture: source amd64 all
Version: 0.16.0-10
Distribution: unstable
Urgency: high
Maintainer: Arnaud Cornet <[EMAIL PROTECTED]>
Changed-By: Arnaud Cornet <[EMAIL PROTECTED]>
Description:
libart2-ruby - Libart 2 bindings for the Ruby language
libart2-ruby1.8 - Libart 2 bindings for the Ruby language
libatk1-ruby - ATK bindings for the Ruby language
libatk1-ruby1.8 - ATK bindings for the Ruby language
libgconf2-ruby - GConf 2 bindings for the Ruby language
libgconf2-ruby1.8 - GConf 2 bindings for the Ruby language
libgdk-pixbuf2-ruby - Gdk-Pixbuf 2 bindings for the Ruby language
libgdk-pixbuf2-ruby1.8 - Gdk-Pixbuf 2 bindings for the Ruby language
libglade2-ruby - Libglade 2 bindings for the Ruby language
libglade2-ruby1.8 - Libglade 2 bindings for the Ruby language
libglib2-ruby - Glib 2 bindings for the Ruby language
libglib2-ruby1.8 - Glib 2 bindings for the Ruby language
libgnome2-ruby - GNOME 2 bindings for the Ruby language
libgnome2-ruby1.8 - GNOME 2 bindings for the Ruby language
libgnomecanvas2-ruby - GNOME Canvas 2 bindings for the Ruby language
libgnomecanvas2-ruby1.8 - GNOME Canvas 2 bindings for the Ruby language
libgnomeprint2-ruby - GNOME print bindings for the Ruby language
libgnomeprint2-ruby1.8 - GNOME print bindings for the Ruby language
libgnomeprintui2-ruby - GNOME print user interface bindings for the Ruby language
libgnomeprintui2-ruby1.8 - GNOME print user interface bindings for the Ruby language
libgnomevfs2-ruby - GNOME VFS 2 bindings for the Ruby language
libgnomevfs2-ruby1.8 - GNOME VFS 2 bindings for the Ruby language
libgtk-mozembed-ruby - ruby binding of GtkMozEmbed, gecko renderer
libgtk-mozembed-ruby1.8 - ruby binding of GtkMozEmbed, gecko renderer
libgtk2-ruby - GTK+ bindings for the Ruby language
libgtk2-ruby1.8 - GTK+ bindings for the Ruby language
libgtkglext1-ruby - GTK+ GL extension bindings for the Ruby language
libgtkglext1-ruby1.8 - GTK+ GL extension bindings for the Ruby language
libgtkhtml2-ruby - GtkHTML bindings for the Ruby language
libgtkhtml2-ruby1.8 - GtkHTML bindings for the Ruby language
libgtksourceview1-ruby - GtkSourceView bindings for the Ruby language
libgtksourceview1-ruby1.8 - GtkSourceView bindings for the Ruby language
libpanel-applet2-ruby - GNOME 2 panel applet library bindings for the Ruby language
libpanel-applet2-ruby1.8 - GNOME 2 panel applet library bindings for the Ruby language
libpango1-ruby - Pango bindings for the Ruby language
libpango1-ruby1.8 - Pango bindings for the Ruby language
libpoppler-glib-ruby - Ruby bindinds for the libpoppler-glib library
libpoppler-glib-ruby1.8 - Ruby bindinds for the libpoppler-glib library
librsvg2-ruby - RSVG renderer bindings for the Ruby language
librsvg2-ruby1.8 - RSVG renderer bindings for the Ruby language
libvte-ruby - VTE widget bindings for the Ruby language
libvte-ruby1.8 - VTE widget bindings for the Ruby language
ruby-gnome2 - GNOME-related bindings for the Ruby language
Closes: 453689
Changes:
ruby-gnome2 (0.16.0-10) unstable; urgency=high
.
* Use new Homepage dpkg-tag.
* Included CVE-2007-6183.patch to fix format string vulnerability
in rbgtkmessagedialog.c which might lead to arbitrary code
execution (Closes: #453689). Thanks to Nico Golde for the fix.
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHUV6Vsk+dgCIlhI4RArJRAKCKmWhpi386hGSJKC9qxpqx3tVGyQCfQ5u7
8Rm1m1gJCP/oqN8I2x8LQ1A=
=ljYp
-----END PGP SIGNATURE-----
--- End Message ---