Your message dated Fri, 11 Sep 2009 22:38:20 +0000
with message-id <e1mmel2-0003u5...@ries.debian.org>
and subject line Bug#545063: fixed in rails 2.2.3-1
has caused the Debian Bug report #545063,
regarding Security fixes (incl. CVE-2009-3009)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
545063: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: rails
Version: 2.1, 2.2
Tags: security
Severity: grave

Rails in stable and testing are probably affected by:
http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails
http://weblog.rubyonrails.org/2009/9/4/timing-weakness-in-ruby-on-rails

Fixes have been released today.

Keep smiling
yanosz



--- End Message ---
--- Begin Message ---
Source: rails
Source-Version: 2.2.3-1

We believe that the bug you reported is fixed in the latest version of
rails, which is due to be installed in the Debian FTP archive:

rails_2.2.3-1.diff.gz
  to pool/main/r/rails/rails_2.2.3-1.diff.gz
rails_2.2.3-1.dsc
  to pool/main/r/rails/rails_2.2.3-1.dsc
rails_2.2.3-1_all.deb
  to pool/main/r/rails/rails_2.2.3-1_all.deb
rails_2.2.3.orig.tar.gz
  to pool/main/r/rails/rails_2.2.3.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 545...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adam Majer <ad...@zombino.com> (supplier of updated rails package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 11 Sep 2009 13:53:42 -0500
Source: rails
Binary: rails
Architecture: source all
Version: 2.2.3-1
Distribution: unstable
Urgency: high
Maintainer: Adam Majer <ad...@zombino.com>
Changed-By: Adam Majer <ad...@zombino.com>
Description: 
 rails      - MVC ruby based framework geared for web application development
Closes: 538982 545063
Changes: 
 rails (2.2.3-1) unstable; urgency=high
 .
   * New upstream release (closes: #545063)
     + Fixes XSS security hole [CVE-2009-3009]
     + Fixes timing issue with cookie store [CVE-2009-3086]
   * Remove dependency on ruby-dbi, as it is not required by any of the
     sources.
   * Correct dependency on fixed libxml-simple-ruby to 1.0.11-2 or later
     (closes: #538982)
   * debian/control
     + Change section from web to ruby
     + Updated to debhelper 7.0+
     + Standards updated to 3.8.3 - no changes




--- End Message ---
