Bug#487238: marked as done (ruby1.8: Arbitrary code execution vulnerability and so on)

Debian Bug Tracking System Fri, 20 Jun 2008 08:31:48 -0700

Your message dated Fri, 20 Jun 2008 15:17:06 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#487238: fixed in ruby1.8 1.8.7.22-1
has caused the Debian Bug report #487238,
regarding ruby1.8: Arbitrary code execution vulnerability and so on
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
487238: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487238
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems

--- Begin Message ---

Package: ruby1.8
Version: 1.8.6.114-2
Severity: grave
Tags: security
Justification: user security hole


The upstream has announced multiple vulnerabilities in Ruby. They may lead
to a denial of service (DoS) condition or allow execution of arbitrary code.
  * CVE-2008-2662
  * CVE-2008-2663
  * CVE-2008-2725
  * CVE-2008-2726
  * CVE-2008-2727
  * CVE-2008-2728
  * CVE-2008-2664

Vulnerable versions

1.8 series
  * 1.8.4 and all prior versions
  * 1.8.5-p230 and all prior versions
  * 1.8.6-p229 and all prior versions
  * 1.8.7-p21 and all prior versions

1.9 series
  * 1.9.0-1 and all prior versions

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable'), (90, 'unstable'), (1, 
'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-1-686 (SMP w/2 CPU cores)
Locale: LANG=ja_JP.eucJP, LC_CTYPE=ja_JP.eucJP (charmap=EUC-JP)
Shell: /bin/sh linked to /bin/bash

Versions of packages ruby1.8 depends on:
ii  libc6                        2.7-10      GNU C Library: Shared libraries
ii  libruby1.8                   1.8.6.114-2 Libraries necessary to run Ruby 1.

ruby1.8 recommends no packages.

-- no debconf information

--- End Message ---

--- Begin Message ---

Source: ruby1.8
Source-Version: 1.8.7.22-1

We believe that the bug you reported is fixed in the latest version of
ruby1.8, which is due to be installed in the Debian FTP archive:

irb1.8_1.8.7.22-1_all.deb
  to pool/main/r/ruby1.8/irb1.8_1.8.7.22-1_all.deb
libdbm-ruby1.8_1.8.7.22-1_amd64.deb
  to pool/main/r/ruby1.8/libdbm-ruby1.8_1.8.7.22-1_amd64.deb
libgdbm-ruby1.8_1.8.7.22-1_amd64.deb
  to pool/main/r/ruby1.8/libgdbm-ruby1.8_1.8.7.22-1_amd64.deb
libopenssl-ruby1.8_1.8.7.22-1_amd64.deb
  to pool/main/r/ruby1.8/libopenssl-ruby1.8_1.8.7.22-1_amd64.deb
libreadline-ruby1.8_1.8.7.22-1_amd64.deb
  to pool/main/r/ruby1.8/libreadline-ruby1.8_1.8.7.22-1_amd64.deb
libruby1.8-dbg_1.8.7.22-1_amd64.deb
  to pool/main/r/ruby1.8/libruby1.8-dbg_1.8.7.22-1_amd64.deb
libruby1.8_1.8.7.22-1_amd64.deb
  to pool/main/r/ruby1.8/libruby1.8_1.8.7.22-1_amd64.deb
libtcltk-ruby1.8_1.8.7.22-1_amd64.deb
  to pool/main/r/ruby1.8/libtcltk-ruby1.8_1.8.7.22-1_amd64.deb
rdoc1.8_1.8.7.22-1_all.deb
  to pool/main/r/ruby1.8/rdoc1.8_1.8.7.22-1_all.deb
ri1.8_1.8.7.22-1_all.deb
  to pool/main/r/ruby1.8/ri1.8_1.8.7.22-1_all.deb
ruby1.8-dev_1.8.7.22-1_amd64.deb
  to pool/main/r/ruby1.8/ruby1.8-dev_1.8.7.22-1_amd64.deb
ruby1.8-elisp_1.8.7.22-1_all.deb
  to pool/main/r/ruby1.8/ruby1.8-elisp_1.8.7.22-1_all.deb
ruby1.8-examples_1.8.7.22-1_all.deb
  to pool/main/r/ruby1.8/ruby1.8-examples_1.8.7.22-1_all.deb
ruby1.8_1.8.7.22-1.diff.gz
  to pool/main/r/ruby1.8/ruby1.8_1.8.7.22-1.diff.gz
ruby1.8_1.8.7.22-1.dsc
  to pool/main/r/ruby1.8/ruby1.8_1.8.7.22-1.dsc
ruby1.8_1.8.7.22-1_amd64.deb
  to pool/main/r/ruby1.8/ruby1.8_1.8.7.22-1_amd64.deb
ruby1.8_1.8.7.22.orig.tar.gz
  to pool/main/r/ruby1.8/ruby1.8_1.8.7.22.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daigo Moriwaki <[EMAIL PROTECTED]> (supplier of updated ruby1.8 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 20 Jun 2008 23:24:07 +0900
Source: ruby1.8
Binary: ruby1.8 libruby1.8 libruby1.8-dbg ruby1.8-dev libdbm-ruby1.8 
libgdbm-ruby1.8 libreadline-ruby1.8 libtcltk-ruby1.8 libopenssl-ruby1.8 
ruby1.8-examples ruby1.8-elisp ri1.8 rdoc1.8 irb1.8
Architecture: source all amd64
Version: 1.8.7.22-1
Distribution: unstable
Urgency: high
Maintainer: akira yamada <[EMAIL PROTECTED]>
Changed-By: Daigo Moriwaki <[EMAIL PROTECTED]>
Description: 
 irb1.8     - Interactive Ruby (for Ruby 1.8)
 libdbm-ruby1.8 - DBM interface for Ruby 1.8
 libgdbm-ruby1.8 - GDBM interface for Ruby 1.8
 libopenssl-ruby1.8 - OpenSSL interface for Ruby 1.8
 libreadline-ruby1.8 - Readline interface for Ruby 1.8
 libruby1.8 - Libraries necessary to run Ruby 1.8
 libruby1.8-dbg - Debugging symbols for Ruby 1.8
 libtcltk-ruby1.8 - Tcl/Tk interface for Ruby 1.8
 rdoc1.8    - Generate documentation from Ruby source files (for Ruby 1.8)
 ri1.8      - Ruby Interactive reference (for Ruby 1.8)
 ruby1.8    - Interpreter of object-oriented scripting language Ruby 1.8
 ruby1.8-dev - Header files for compiling extension modules for the Ruby 1.8
 ruby1.8-elisp - ruby-mode for Emacsen
 ruby1.8-examples - Examples for Ruby 1.8
Closes: 487238
Changes: 
 ruby1.8 (1.8.7.22-1) unstable; urgency=high
 .
   * New upstream release.
   * Fixed vulnerability: arbitrary code execution vulnerability and so on
     (Closes: #487238)
Checksums-Sha1: 
 45c6bfcf875030073f875b808b91db18147aa44f 1617 ruby1.8_1.8.7.22-1.dsc
 5df7c2c6ecf967fbea1278473056ddb0ac2b7fe2 4799242 ruby1.8_1.8.7.22.orig.tar.gz
 7f7c234d81baec2a52be2c2fc9484efde45307e2 45369 ruby1.8_1.8.7.22-1.diff.gz
 7c36b4476e18c7772b9d21cc6c2b9d198238219f 305618 
ruby1.8-examples_1.8.7.22-1_all.deb
 dae0e2657ffe032553150190040a1cdcbb4e0445 272772 
ruby1.8-elisp_1.8.7.22-1_all.deb
 498d9a8ae95cc20ba280a6a83679bcfac80b1455 1387012 ri1.8_1.8.7.22-1_all.deb
 e6af2cd4332ecd501139957a67365c31ae8b53a2 373418 rdoc1.8_1.8.7.22-1_all.deb
 860abd3bb00f88c5652d7bc7286dc209b264cf61 300114 irb1.8_1.8.7.22-1_all.deb
 7090a600e3875b75a8b9a698781687c274f423ac 279488 ruby1.8_1.8.7.22-1_amd64.deb
 f0b05193eb14a59e3dafe9f10fc9c887439be0d1 1734926 
libruby1.8_1.8.7.22-1_amd64.deb
 cba519354b504d0fcf18c5c023fdfbfe724ac4ac 1539558 
libruby1.8-dbg_1.8.7.22-1_amd64.deb
 fac3c246cd8e9ce60ad2a0b16b4f36d4513a028f 861724 
ruby1.8-dev_1.8.7.22-1_amd64.deb
 e31d29fbc1593d869c2c4fd42e4597e3ba98e376 261670 
libdbm-ruby1.8_1.8.7.22-1_amd64.deb
 1d8c438f3e8a8954572fa7436e3a7997340a2dd0 260804 
libgdbm-ruby1.8_1.8.7.22-1_amd64.deb
 e6faf078f4efb09305854e04a92f312ca876e4bc 260426 
libreadline-ruby1.8_1.8.7.22-1_amd64.deb
 83c254700b5badda50e53b1c9dbb523d26767636 1990018 
libtcltk-ruby1.8_1.8.7.22-1_amd64.deb
 f69ed7ce6fb7a30da63d597fdb19539780f9bdba 389462 
libopenssl-ruby1.8_1.8.7.22-1_amd64.deb
Checksums-Sha256: 
 c89647c5f81dcc865680ba0a659c41111bd517da8110c71e029ee6d5ada29918 1617 
ruby1.8_1.8.7.22-1.dsc
 d2e4e6a9f170066846304797d39e8f388edb06206b40c9ef5ec2d657ff22c072 4799242 
ruby1.8_1.8.7.22.orig.tar.gz
 be28944529c63e64df8c87b8d944843a8adf9b2e52f6c6d3f9e1f4189d22f606 45369 
ruby1.8_1.8.7.22-1.diff.gz
 d6cbab325ebda3075c61750bfb87409ecc554cdc01b9e788bd8f7c9a41b78bee 305618 
ruby1.8-examples_1.8.7.22-1_all.deb
 be616654c0ac6f2362d80fe16b70b722640bbb80bbf78b29dd62264279ad1907 272772 
ruby1.8-elisp_1.8.7.22-1_all.deb
 554f0f53c14c5af4b5377f8903a4c5381da4a9b4da77cb132107d6eb46dcf3f3 1387012 
ri1.8_1.8.7.22-1_all.deb
 a08379ea8118f186f07f5a3b4bf778fc77339dc2d031febc807f93bbe1c052a8 373418 
rdoc1.8_1.8.7.22-1_all.deb
 12a1dcf94ad878b46c75634a6b1bc2573b87f0457de1821a6ace16a6190a5f22 300114 
irb1.8_1.8.7.22-1_all.deb
 d08bcf0e754b229ee7af969f3088b4c038bd786e8ad039567cc2016bd24e42a9 279488 
ruby1.8_1.8.7.22-1_amd64.deb
 4c84c1495e0639804fb170879234a3e571fcf12da7b6eb57a04c8944de0f4fc5 1734926 
libruby1.8_1.8.7.22-1_amd64.deb
 37ca7306f1fdcbacbf9c1f0e0686d83eb6f9dc5a568da5d27706642fef1e574e 1539558 
libruby1.8-dbg_1.8.7.22-1_amd64.deb
 7862d3f8f8782c73ffdeab0b3b243b7dfdca5e350ed48612d6125535547a7b14 861724 
ruby1.8-dev_1.8.7.22-1_amd64.deb
 c8577a7a65a5dbd9948ffbaac8bc3ef45d2ce5351998d14338a61ccf16cda3a5 261670 
libdbm-ruby1.8_1.8.7.22-1_amd64.deb
 092c1bbe9c449efbfc196e4bfce4db90211e55bbe72d704f2a743a58b2baae62 260804 
libgdbm-ruby1.8_1.8.7.22-1_amd64.deb
 5f8aee54c7cf5a85d549cc3334ebcce397b977cd8131baa5cd2afd310da379d8 260426 
libreadline-ruby1.8_1.8.7.22-1_amd64.deb
 857c7c44e6b6cd4229fececabcbce633a0f5d619430382bf4a919ecd956e171f 1990018 
libtcltk-ruby1.8_1.8.7.22-1_amd64.deb
 f1fe15ddf5699bb7d0e39ab7a0a68f59f9f0fba09cdfc9c30975d483da9583c5 389462 
libopenssl-ruby1.8_1.8.7.22-1_amd64.deb
Files: 
 66537991aa60e7df248a80628852a230 1617 interpreters optional 
ruby1.8_1.8.7.22-1.dsc
 fc3ede83a98f48d8cb6de2145f680ef2 4799242 interpreters optional 
ruby1.8_1.8.7.22.orig.tar.gz
 06412f756bc23008da948b3e9144f731 45369 interpreters optional 
ruby1.8_1.8.7.22-1.diff.gz
 255f3237443ef51d40141fe6b6d66546 305618 interpreters optional 
ruby1.8-examples_1.8.7.22-1_all.deb
 22f6058a86cdd754c388a5f492b3e03c 272772 interpreters optional 
ruby1.8-elisp_1.8.7.22-1_all.deb
 e056c5585948d658d33916072019f5b0 1387012 interpreters optional 
ri1.8_1.8.7.22-1_all.deb
 049c78180a0e9110324ba79bf2c610a7 373418 doc optional rdoc1.8_1.8.7.22-1_all.deb
 849bf70b876c93a42c4480ce05d03b38 300114 interpreters optional 
irb1.8_1.8.7.22-1_all.deb
 aef1a3060b5f9a3902fdc19fb3cabb09 279488 interpreters optional 
ruby1.8_1.8.7.22-1_amd64.deb
 362b990f33afc1773dc13228f0801cd7 1734926 libs optional 
libruby1.8_1.8.7.22-1_amd64.deb
 4c2a713bfcc2c835c493518a43447d5a 1539558 libdevel extra 
libruby1.8-dbg_1.8.7.22-1_amd64.deb
 c28e10a46de45f4881f6f86932d1257a 861724 devel optional 
ruby1.8-dev_1.8.7.22-1_amd64.deb
 a0c949ef8ebb311711e9560363ef41e4 261670 interpreters optional 
libdbm-ruby1.8_1.8.7.22-1_amd64.deb
 6d687e6161170a0c100380b57c91d7ee 260804 interpreters optional 
libgdbm-ruby1.8_1.8.7.22-1_amd64.deb
 eea910ab64c5ec0a77129ed359f034c0 260426 interpreters optional 
libreadline-ruby1.8_1.8.7.22-1_amd64.deb
 8556704551073fc7935098feb01da6fa 1990018 interpreters optional 
libtcltk-ruby1.8_1.8.7.22-1_amd64.deb
 2bd3f9b011177cb49381ac3020964040 389462 interpreters optional 
libopenssl-ruby1.8_1.8.7.22-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIW8fBNcPj+ukc0lARAoZtAJ4iReG9zWldboUIXTUSVauVjVYneQCfQ+nk
JopoXlqgGJrU6lX27dVdK4Y=
=DNHd
-----END PGP SIGNATURE-----

--- End Message ---

Bug#487238: marked as done (ruby1.8: Arbitrary code execution vulnerability and so on)

Reply via email to