Your message dated Mon, 17 Aug 2009 20:53:30 +0000
with message-id <e1md9cs-0004zl...@ries.debian.org>
and subject line Bug#513528: fixed in ruby1.9.1 1.9.1.243-1
has caused the Debian Bug report #513528,
regarding ruby1.9: Not properly checking the return value of OCSP_basic_verify
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
513528: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513528
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ruby1.9
Severity: serious
Tags: security
Hi,

I was looking at return codes for applications making use of
openssl functions and found this in ext/openssl/ossl_ocsp.c:

    result = OCSP_basic_verify(bs, x509s, x509st, flg);
    sk_X509_pop_free(x509s, X509_free);
    if(!result) rb_warn("%s", ERR_error_string(ERR_peek_error(), NULL));
    return result ? Qtrue : Qfalse;

OCSP_basic_verify() can return both 0 and -1 in error cases,
so this function can incorrectly return information to the
caller.

I have no idea what this code is used for and what the consequences
of this might be.

Kurt
--- End Message ---
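Added example (not part of the original report, and not Ruby's or Debian's code): the truthiness check from the report next to a strict "> 0" check. sim_basic_verify() and the sim_case values are constructed stand-ins for OCSP_basic_verify() so the example runs without OpenSSL; they only mimic the 1 / 0 / -1 return convention.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-in for OCSP_basic_verify(): 1 = response verified,
 * 0 = verification failed, -1 = other error (the case the report is about). */
enum sim_case { SIM_VALID, SIM_BAD_SIGNATURE, SIM_FATAL };

static int sim_basic_verify(enum sim_case c)
{
    switch (c) {
    case SIM_VALID:         return 1;
    case SIM_BAD_SIGNATURE: return 0;
    default:                return -1;
    }
}

/* Pattern from the report: any non-zero result is treated as success. */
bool verify_truthy(enum sim_case c)
{
    int result = sim_basic_verify(c);
    if (!result)
        fprintf(stderr, "warning: verification failed\n");
    return result ? true : false;   /* -1 is non-zero, so this yields true */
}

/* Hardened form: only a strictly positive result counts as verified,
 * and both error values are reported. */
bool verify_strict(enum sim_case c)
{
    int result = sim_basic_verify(c);
    if (result <= 0)
        fprintf(stderr, "warning: verification failed (rc=%d)\n", result);
    return result > 0;
}

int main(void)
{
    static const char *names[] = { "valid", "bad signature", "other error" };
    for (int c = SIM_VALID; c <= SIM_FATAL; c++)
        printf("%-14s truthy=%d strict=%d\n", names[c],
               verify_truthy((enum sim_case)c),
               verify_strict((enum sim_case)c));
    return 0;
}
```

With the truthiness check, the -1 case is reported to the caller as a successful verification and no warning is printed; the strict check rejects it.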
--- Begin Message ---
Source: ruby1.9.1
Source-Version: 1.9.1.243-1
We believe that the bug you reported is fixed in the latest version of
ruby1.9.1, which is due to be installed in the Debian FTP archive:
irb1.9.1_1.9.1.243-1_all.deb
to pool/main/r/ruby1.9.1/irb1.9.1_1.9.1.243-1_all.deb
libdbm-ruby1.9.1_1.9.1.243-1_amd64.deb
to pool/main/r/ruby1.9.1/libdbm-ruby1.9.1_1.9.1.243-1_amd64.deb
libgdbm-ruby1.9.1_1.9.1.243-1_amd64.deb
to pool/main/r/ruby1.9.1/libgdbm-ruby1.9.1_1.9.1.243-1_amd64.deb
libopenssl-ruby1.9.1_1.9.1.243-1_amd64.deb
to pool/main/r/ruby1.9.1/libopenssl-ruby1.9.1_1.9.1.243-1_amd64.deb
libreadline-ruby1.9.1_1.9.1.243-1_amd64.deb
to pool/main/r/ruby1.9.1/libreadline-ruby1.9.1_1.9.1.243-1_amd64.deb
libruby1.9.1-dbg_1.9.1.243-1_amd64.deb
to pool/main/r/ruby1.9.1/libruby1.9.1-dbg_1.9.1.243-1_amd64.deb
libruby1.9.1_1.9.1.243-1_amd64.deb
to pool/main/r/ruby1.9.1/libruby1.9.1_1.9.1.243-1_amd64.deb
libtcltk-ruby1.9.1_1.9.1.243-1_amd64.deb
to pool/main/r/ruby1.9.1/libtcltk-ruby1.9.1_1.9.1.243-1_amd64.deb
rdoc1.9.1_1.9.1.243-1_all.deb
to pool/main/r/ruby1.9.1/rdoc1.9.1_1.9.1.243-1_all.deb
ri1.9.1_1.9.1.243-1_all.deb
to pool/main/r/ruby1.9.1/ri1.9.1_1.9.1.243-1_all.deb
ruby1.9.1-dev_1.9.1.243-1_amd64.deb
to pool/main/r/ruby1.9.1/ruby1.9.1-dev_1.9.1.243-1_amd64.deb
ruby1.9.1-elisp_1.9.1.243-1_all.deb
to pool/main/r/ruby1.9.1/ruby1.9.1-elisp_1.9.1.243-1_all.deb
ruby1.9.1-examples_1.9.1.243-1_all.deb
to pool/main/r/ruby1.9.1/ruby1.9.1-examples_1.9.1.243-1_all.deb
ruby1.9.1_1.9.1.243-1.diff.gz
to pool/main/r/ruby1.9.1/ruby1.9.1_1.9.1.243-1.diff.gz
ruby1.9.1_1.9.1.243-1.dsc
to pool/main/r/ruby1.9.1/ruby1.9.1_1.9.1.243-1.dsc
ruby1.9.1_1.9.1.243-1_amd64.deb
to pool/main/r/ruby1.9.1/ruby1.9.1_1.9.1.243-1_amd64.deb
ruby1.9.1_1.9.1.243.orig.tar.gz
to pool/main/r/ruby1.9.1/ruby1.9.1_1.9.1.243.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 513...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Lucas Nussbaum <lu...@lucas-nussbaum.net> (supplier of updated ruby1.9.1
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 30 Jul 2009 01:24:03 +0200
Source: ruby1.9.1
Binary: ruby1.9.1 libruby1.9.1 libruby1.9.1-dbg ruby1.9.1-dev libdbm-ruby1.9.1
libgdbm-ruby1.9.1 libreadline-ruby1.9.1 libtcltk-ruby1.9.1 libopenssl-ruby1.9.1
ruby1.9.1-examples ruby1.9.1-elisp ri1.9.1 rdoc1.9.1 irb1.9.1
Architecture: source all amd64
Version: 1.9.1.243-1
Distribution: unstable
Urgency: low
Maintainer: akira yamada <ak...@debian.org>
Changed-By: Lucas Nussbaum <lu...@lucas-nussbaum.net>
Description:
irb1.9.1 - Interactive Ruby (for Ruby 1.9.1)
libdbm-ruby1.9.1 - DBM interface for Ruby 1.9.1
libgdbm-ruby1.9.1 - GDBM interface for Ruby 1.9.1
libopenssl-ruby1.9.1 - OpenSSL interface for Ruby 1.9.1
libreadline-ruby1.9.1 - Readline interface for Ruby 1.9.1
libruby1.9.1 - Libraries necessary to run Ruby 1.9.1
libruby1.9.1-dbg - Debugging symbols for Ruby 1.9.1
libtcltk-ruby1.9.1 - Tcl/Tk interface for Ruby 1.9.1
rdoc1.9.1 - Generate documentation from Ruby source files (for Ruby 1.9.1)
ri1.9.1 - Ruby Interactive reference (for Ruby 1.9.1)
ruby1.9.1 - Interpreter of object-oriented scripting language Ruby 1.9.1
ruby1.9.1-dev - Header files for compiling extension modules for the Ruby 1.9.1
ruby1.9.1-elisp - ruby-mode for Emacsen
ruby1.9.1-examples - Examples for Ruby 1.9
Closes: 498977 510914 513528 514695 514696
Changes:
ruby1.9.1 (1.9.1.243-1) unstable; urgency=low
.
[ Daigo Moriwaki ]
* debian/watch: corrected to follow the new versioning by the upstream such
as 1.9.1-p0.tar.gz
* Added debian/patches/090301_r22440_OCSP_basic_verify.dpatch Not properly
checking the return value of OCSP_basic_verify (Closes: #513528)
* Added debian/patches/090803_exclude_rdoc.dpatch to avoid errors when
generating RDoc documents.
* debian/fixshebang.sh: skip non-text files, which works around hanging of
sed on scanning gif images.
* The upstream's COPYING* is no longer installed (due to Debian policy).
That information is included in debian/copyright.
* debian/ruby1.9.1-elisp.emacsen-{remove|startup|install}: Corrected the
package name.
.
[ Lucas Nussbaum ]
* Build-Depends on procps. Closes: #510914.
* Added patch 940_test_thread_mutex_sync_shorter: makes
test_mutex_synchronize much shorter to deal with slow arches.
Closes: #514696.
* Added patch 940_hppa_disable_test_propag_signal: disable
test_should_propagate signal on hppa.
Closes: #514695.
* Checked that 1.9.1.0 fixes CVE-2008-3905. Closes: #498977.
* debian/patches cleanups. Removed obsolete patches.
* Added 940_test_file_exhaustive_fails_as_root and
940_test_priority_fails to deal with test suite failures.
* Disable 102_skip_test_copy_stream and 104_skip_btest_io:
I couldn't reproduce the failure on x86-64. Is it arch-specific?
* common-post-build-arch:: fail if the test suites fail.
* Fix location of vendor dir in configure option.
/usr/lib[...], not usr/lib[...].
* New upstream release: 1.9.1.243.
+ 090301_r22440_OCSP_basic_verify.dpatch no longer needed (was a
backport)
+ Updated debian/generated-incs/*.
* Added 090729_fix_Makefile_deps.dpatch: add dependency in common.mk
between do-install-nodoc and $(PROGRAM).
* Handle DEB_BUILD_OPTIONS="nocheck" to allow to skip the test suite.
* Move manpages to debian/manpages/
* Started the rename from *1.9 to *1.9.1: source package and binary
packages done.
* Fix building on lpia (Fixes: #532057).
* Disable the test suite on hppa since it blocks because of strange
signal semantics.
* Bumped Standards-Version to 3.8.2. No changes needed.
* Agree with ftpmaster's overrides.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkp86UsACgkQNcPj+ukc0lDV+gCeIzARduUWdw4I1g/MB1wHyXmn
c80An0QG495m29R7/Q4xnKnZHOuGngOn
=4egu
-----END PGP SIGNATURE-----
--- End Message ---