Your message dated Tue, 03 Jan 2012 22:09:10 +0000
with message-id <e1ricxe-0000zs...@franck.debian.org>
and subject line Bug#653963: fixed in ruby-rack 1.4.0-1
has caused the Debian Bug report #653963,
regarding ruby-rack predictable hash collisions
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
653963: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653963
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ruby-rack
Severity: serious
Tags: security
Hi,
It was reported that Rack is affected by the predictable hash collisions
attack that made its rounds around the net this week. This is tracked at
http://security-tracker.debian.org/tracker/CVE-2011-5036
Can you ensure that fixed packages are uploaded to sid as soon as possible?
Cheers,
Thijs
--- End Message ---
--- Begin Message ---
Source: ruby-rack
Source-Version: 1.4.0-1
We believe that the bug you reported is fixed in the latest version of
ruby-rack, which is due to be installed in the Debian FTP archive:
librack-ruby1.8_1.4.0-1_all.deb
to main/r/ruby-rack/librack-ruby1.8_1.4.0-1_all.deb
librack-ruby1.9.1_1.4.0-1_all.deb
to main/r/ruby-rack/librack-ruby1.9.1_1.4.0-1_all.deb
librack-ruby_1.4.0-1_all.deb
to main/r/ruby-rack/librack-ruby_1.4.0-1_all.deb
ruby-rack_1.4.0-1.debian.tar.gz
to main/r/ruby-rack/ruby-rack_1.4.0-1.debian.tar.gz
ruby-rack_1.4.0-1.dsc
to main/r/ruby-rack/ruby-rack_1.4.0-1.dsc
ruby-rack_1.4.0-1_all.deb
to main/r/ruby-rack/ruby-rack_1.4.0-1_all.deb
ruby-rack_1.4.0.orig.tar.gz
to main/r/ruby-rack/ruby-rack_1.4.0.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 653...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Paul van Tilburg <pau...@debian.org> (supplier of updated ruby-rack package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 03 Jan 2012 22:39:13 +0100
Source: ruby-rack
Binary: ruby-rack librack-ruby1.9.1 librack-ruby1.8 librack-ruby
Architecture: source all
Version: 1.4.0-1
Distribution: unstable
Urgency: low
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Paul van Tilburg <pau...@debian.org>
Description:
librack-ruby - Transitional package for ruby-rack
librack-ruby1.8 - Transitional package for ruby-rack
librack-ruby1.9.1 - Transitional package for ruby-rack
ruby-rack - Modular Ruby webserver interface
Closes: 653963
Changes:
ruby-rack (1.4.0-1) unstable; urgency=low
.
* New upstream release (closes: #653963).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk8DeTgACgkQJBBhylAGQYEEtwCfUhftFA7dSwR/WDersJWm6WTH
JJAAn2t0yXVBe8S3mQ6oVStCDyVsRlh4
=wvPt
-----END PGP SIGNATURE-----
--- End Message ---