Your message dated Sun, 9 Aug 2009 02:36:18 -0400
with message-id <20090809023618.ced425d0.michael.s.gilb...@gmail.com>
and subject line Re: Bug#540610: rubygems: integrity violation
has caused the Debian Bug report #540610,
regarding rubygems: integrity violation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
540610: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540610
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
package: rubygems1.9
version: 1.3.1
tags: security
severity: serious

hello, it has been disclosed that a specially crafted gem archive could
be used to overwrite system files.  confirmed for 1.3.x, but older
versions may also be affected.  please check and help the security
team prepare updates for the stable releases. see:

http://bugs.gentoo.org/show_bug.cgi?id=278566
http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/24472
http://redmine.ruby-lang.org/issues/show/1800



--- End Message ---
--- Begin Message ---
On Sun, 09 Aug 2009 15:34:18 +0900 Daigo Moriwaki wrote:

> Hello Michael,
> 
> Michael S. Gilbert wrote:
> > package: rubygems1.9
> > version: 1.3.1
> > tags: security
> > severity: serious
> > 
> > hello, it has been disclosed that a specially crafted gem archive could
> > be used to overwrite system files.  confirmed for 1.3.x, but older
> > versions may also be affected.  please check and help the security
> > team prepare updates for the stable releases. see:
> > 
> > http://bugs.gentoo.org/show_bug.cgi?id=278566
> > http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/24472
> > http://redmine.ruby-lang.org/issues/show/1800
> 
> Thank you for the references. I have just read them.
> 
> In Debian, executables from gems install into a particular directory specific to
> RubyGems such as /var/lib/gems/{1.8|1.9.0}/bin instead of the system directory
> /usr/bin. There should be no risk that they talked about.
> 
> If you think of any problems in Debian, please let me know; otherwise, please
> close this ticket.

ok, looks like there's no problem here.  thanks for the quick
response!

mike


--- End Message ---
