Your message dated Wed, 03 Sep 2008 03:02:05 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#494402: fixed in ruby1.9 1.9.0.2-6 has caused the Debian Bug report #494402, regarding Multiple vulnerabilities found to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.)

--
494402: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494402
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: ruby1.9
Version: 1.9.0.2-4
Severity: grave
Tags: security

The upstream has announced that they fixed multiple vulnerabilities[1].

* Several vulnerabilities in safe level
* DoS vulnerability in WEBrick
* Lack of taintness check in dl
* DNS spoofing vulnerability in resolv.rb (CVE-2008-1447[2])

The following packages in Debian are affected:

* ruby1.9
  - unstable: 1.9.0.2-5
  - testing: 1.9.0.2-4
  - stable: 1.9.0+20060609-1etch2

[1] http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447

Regards,
Daigo

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable'), (90, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.25-2-686 (SMP w/2 CPU cores)
Locale: LANG=ja_JP.eucJP, LC_CTYPE=ja_JP.eucJP (charmap=EUC-JP)
Shell: /bin/sh linked to /bin/bash

Versions of packages ruby1.9 depends on:
ii  libc6             2.7-10     GNU C Library: Shared libraries
ii  libruby1.9        1.9.0.2-4  Libraries necessary to run Ruby 1.

ruby1.9 recommends no packages.

Versions of packages ruby1.9 suggests:
ii  rdoc1.9           1.9.0.2-4  Generate documentation from Ruby s
ii  ri1.9             1.9.0.2-4  Ruby Interactive reference (for Ru
ii  ruby1.9-examples  1.9.0.2-4  Examples for Ruby 1.9
ii  rubygems1.9       1.2.0-1    package management framework for R

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: ruby1.9
Source-Version: 1.9.0.2-6

We believe that the bug you reported is fixed in the latest version of ruby1.9, which is due to be installed in the Debian FTP archive:

irb1.9_1.9.0.2-6_all.deb
  to pool/main/r/ruby1.9/irb1.9_1.9.0.2-6_all.deb
libdbm-ruby1.9_1.9.0.2-6_i386.deb
  to pool/main/r/ruby1.9/libdbm-ruby1.9_1.9.0.2-6_i386.deb
libgdbm-ruby1.9_1.9.0.2-6_i386.deb
  to pool/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0.2-6_i386.deb
libopenssl-ruby1.9_1.9.0.2-6_i386.deb
  to pool/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0.2-6_i386.deb
libreadline-ruby1.9_1.9.0.2-6_i386.deb
  to pool/main/r/ruby1.9/libreadline-ruby1.9_1.9.0.2-6_i386.deb
libruby1.9-dbg_1.9.0.2-6_i386.deb
  to pool/main/r/ruby1.9/libruby1.9-dbg_1.9.0.2-6_i386.deb
libruby1.9_1.9.0.2-6_i386.deb
  to pool/main/r/ruby1.9/libruby1.9_1.9.0.2-6_i386.deb
libtcltk-ruby1.9_1.9.0.2-6_i386.deb
  to pool/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0.2-6_i386.deb
rdoc1.9_1.9.0.2-6_all.deb
  to pool/main/r/ruby1.9/rdoc1.9_1.9.0.2-6_all.deb
ri1.9_1.9.0.2-6_all.deb
  to pool/main/r/ruby1.9/ri1.9_1.9.0.2-6_all.deb
ruby1.9-dev_1.9.0.2-6_i386.deb
  to pool/main/r/ruby1.9/ruby1.9-dev_1.9.0.2-6_i386.deb
ruby1.9-elisp_1.9.0.2-6_all.deb
  to pool/main/r/ruby1.9/ruby1.9-elisp_1.9.0.2-6_all.deb
ruby1.9-examples_1.9.0.2-6_all.deb
  to pool/main/r/ruby1.9/ruby1.9-examples_1.9.0.2-6_all.deb
ruby1.9_1.9.0.2-6.diff.gz
  to pool/main/r/ruby1.9/ruby1.9_1.9.0.2-6.diff.gz
ruby1.9_1.9.0.2-6.dsc
  to pool/main/r/ruby1.9/ruby1.9_1.9.0.2-6.dsc
ruby1.9_1.9.0.2-6_i386.deb
  to pool/main/r/ruby1.9/ruby1.9_1.9.0.2-6_i386.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daigo Moriwaki <[EMAIL PROTECTED]> (supplier of updated ruby1.9 package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

Format: 1.8
Date: Tue, 02 Sep 2008 22:11:34 -0400
Source: ruby1.9
Binary: ruby1.9 libruby1.9 libruby1.9-dbg ruby1.9-dev libdbm-ruby1.9 libgdbm-ruby1.9 libreadline-ruby1.9 libtcltk-ruby1.9 libopenssl-ruby1.9 ruby1.9-examples ruby1.9-elisp ri1.9 rdoc1.9 irb1.9
Architecture: source all i386
Version: 1.9.0.2-6
Distribution: unstable
Urgency: low
Maintainer: akira yamada <[EMAIL PROTECTED]>
Changed-By: Daigo Moriwaki <[EMAIL PROTECTED]>
Description:
 irb1.9     - Interactive Ruby (for Ruby 1.9)
 libdbm-ruby1.9 - DBM interface for Ruby 1.9
 libgdbm-ruby1.9 - GDBM interface for Ruby 1.9
 libopenssl-ruby1.9 - OpenSSL interface for Ruby 1.9
 libreadline-ruby1.9 - Readline interface for Ruby 1.9
 libruby1.9 - Libraries necessary to run Ruby 1.9
 libruby1.9-dbg - Debugging symbols for Ruby 1.9
 libtcltk-ruby1.9 - Tcl/Tk interface for Ruby 1.9
 rdoc1.9    - Generate documentation from Ruby source files (for Ruby 1.9)
 ri1.9      - Ruby Interactive reference (for Ruby 1.9)
 ruby1.9    - Interpreter of object-oriented scripting language Ruby 1.9
 ruby1.9-dev - Header files for compiling extension modules for the Ruby 1.9
 ruby1.9-elisp - ruby-mode for Emacsen
 ruby1.9-examples - Examples for Ruby 1.9
Closes: 494402 497610
Changes:
 ruby1.9 (1.9.0.2-6) unstable; urgency=low
 .
   * Added patches under debian/patches which were backported from the
     upstream and fixed multiple vulnerabilities:
     - 301_dns_spoofing_r18424.dpatch: fixed DNS spoofing vulnerability in
       resolv.rb. (CVE-2008-1447)
     - 302_r18220_webrick_DoS.dpatch: fixed DoS vulnerability in WEBrick.
     - 303_r17726_syslog_safeleve4.dpatch: syslog operations should be
       protected from $SAFE level 4.
     - 304_r17577_trace_var_safeleve4.dpatch: rb_f_trace_var should not be
       allowed at safe level 4.
     - 305_r18496_dl_tain.dpatch: dl doesn't check taintness, so it could
       allow attackers to call dangerous functions.
     - 306_r17586_methods_called_safelevel13.dpatch: Insecure methods may be
       called at safe level 1-3. (Closes: #494402)
     - 307_r19033_rexml_DoS.dpatch: fixed DoS vulnerability in REXML.
       (CVE-2008-3790) (Closes: #497610)
   * hoge
--- End Message ---

