Your message dated Fri, 13 Apr 2012 14:51:47 +0000
with message-id <e1sihql-00037b...@franck.debian.org>
and subject line Bug#668607: fixed in ruby-actionpack-2.3 2.3.14-3
has caused the Debian Bug report #668607,
regarding CVE-2012-1098 / CVE-2012-1099
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
668607: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668607
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: rails
Severity: grave
Tags: security
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1098
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/edd28f1e3d04e913?pli=1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1099:
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/9da0c515a6c4664
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: ruby-actionpack-2.3
Source-Version: 2.3.14-3
We believe that the bug you reported is fixed in the latest version of
ruby-actionpack-2.3, which is due to be installed in the Debian FTP archive:
ruby-actionpack-2.3_2.3.14-3.debian.tar.gz
to main/r/ruby-actionpack-2.3/ruby-actionpack-2.3_2.3.14-3.debian.tar.gz
ruby-actionpack-2.3_2.3.14-3.dsc
to main/r/ruby-actionpack-2.3/ruby-actionpack-2.3_2.3.14-3.dsc
ruby-actionpack-2.3_2.3.14-3_all.deb
to main/r/ruby-actionpack-2.3/ruby-actionpack-2.3_2.3.14-3_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 668...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ondřej Surý <ond...@debian.org> (supplier of updated ruby-actionpack-2.3
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 13 Apr 2012 15:39:31 +0200
Source: ruby-actionpack-2.3
Binary: ruby-actionpack-2.3
Architecture: source all
Version: 2.3.14-3
Distribution: unstable
Urgency: low
Maintainer: Debian Ruby Extras Maintainers
<pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Ondřej Surý <ond...@debian.org>
Description:
ruby-actionpack-2.3 - Controller and View framework used by Rails
Closes: 668607
Changes:
ruby-actionpack-2.3 (2.3.14-3) unstable; urgency=low
.
* Fix vulnerability for users that generate their own options tags for
use with the select helper in Ruby On Rails [CVE-2012-1099]
(Closes: #668607)
Checksums-Sha1:
60fba8512b3cb5c6fc890aee5504825fc8aa6224 1674 ruby-actionpack-2.3_2.3.14-3.dsc
02ef53c4369a84e7d8f0fded2921208623b4c00a 10618
ruby-actionpack-2.3_2.3.14-3.debian.tar.gz
ffa2be2ed35e4c1339c3d6e79bf4a33ce21ee4cb 367178
ruby-actionpack-2.3_2.3.14-3_all.deb
Checksums-Sha256:
d78549402dfc8398d53a972c8217a327d12b840baff9d5d579a824f51164f5f7 1674
ruby-actionpack-2.3_2.3.14-3.dsc
5cc5a4371905fa9faa448e2f158dde2a28dfb81351180d737d1fe732ed9e05ee 10618
ruby-actionpack-2.3_2.3.14-3.debian.tar.gz
c1c5dd1f13d8082ac3d69db62780aeb80b33cb2456cd29cde684e5d70bca18ae 367178
ruby-actionpack-2.3_2.3.14-3_all.deb
Files:
ff7fb7c89e3ac8d4e253c36103ed6196 1674 ruby optional
ruby-actionpack-2.3_2.3.14-3.dsc
4bddf2c94ac9475eee1a838cabce6921 10618 ruby optional
ruby-actionpack-2.3_2.3.14-3.debian.tar.gz
ee604a885d8341301c384040f3f4d65f 367178 ruby optional
ruby-actionpack-2.3_2.3.14-3_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk+ILxAACgkQ9OZqfMIN8nMpAACdEsxoaSTnocYX/kk3WwP/3qfC
8jUAnjqvV2ebYmrWFx/kbOTU1WBd3r+r
=wMC9
-----END PGP SIGNATURE-----
--- End Message ---
