Your message dated Wed, 09 Jan 2013 21:48:27 +0000 with message-id <e1tt3vb-00042r...@franck.debian.org> and subject line Bug#697744: fixed in ruby-activerecord-3.2 3.2.6-4 has caused the Debian Bug report #697744, regarding ruby-activerecord-3.2: CVE-2013-0155 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 697744: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697744 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: ruby-activerecord-3.2 Severity: grave Tags: security Justification: user security hole Please see http://www.openwall.com/lists/oss-security/2013/01/08/13 "rails" from stable should not be affected, but please double-check. Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: ruby-activerecord-3.2 Source-Version: 3.2.6-4 We believe that the bug you reported is fixed in the latest version of ruby-activerecord-3.2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 697...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Antonio Terceiro <terce...@debian.org> (supplier of updated ruby-activerecord-3.2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Wed, 09 Jan 2013 18:18:07 -0300 Source: ruby-activerecord-3.2 Binary: ruby-activerecord-3.2 Architecture: source all Version: 3.2.6-4 Distribution: unstable Urgency: high Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintain...@lists.alioth.debian.org> Changed-By: Antonio Terceiro <terce...@debian.org> Description: ruby-activerecord-3.2 - object-relational mapper framework (part of Rails) Closes: 697744 Changes: ruby-activerecord-3.2 (3.2.6-4) unstable; urgency=high . * debian/patches/CVE-2013-0155.patch: fix Unsafe Query Generation Risk [CVE-2013-0155] (Closes: #697744). Checksums-Sha1: 8875732d11430ef841d502b42a05f32eb1679733 1645 ruby-activerecord-3.2_3.2.6-4.dsc c58e6f67cdb6cd2e10cdeb82ae547aa77ee9a341 4264 ruby-activerecord-3.2_3.2.6-4.debian.tar.gz c3e447c369b7f806bff366c4d8e76504f2332dd4 393530 ruby-activerecord-3.2_3.2.6-4_all.deb Checksums-Sha256: a2276ffcea1b296a18c4001f21381de89da2a18164cacc79a7aa51fb745f97a1 1645 ruby-activerecord-3.2_3.2.6-4.dsc b6ddaea38144c3b1a0d63a1203bdeebd5b90f9768cb5d26492548e9d3de3963f 4264 ruby-activerecord-3.2_3.2.6-4.debian.tar.gz ee6bd4e6c16a4ddb4769027583fd2bb8c79fba7c704f17e782fd507ba29ccde8 393530 ruby-activerecord-3.2_3.2.6-4_all.deb Files: db8378d85c7f1280d5e4bf8cf26e0d46 1645 ruby optional ruby-activerecord-3.2_3.2.6-4.dsc e07e6592bc2e8c524200aa07204aa828 4264 ruby optional ruby-activerecord-3.2_3.2.6-4.debian.tar.gz a4ab092bcf8dbbb6d39612cefb8badf5 393530 ruby optional ruby-activerecord-3.2_3.2.6-4_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlDt43kACgkQDOM8kQ+cso/NSgCfRRkAS+acgfIvVoyGV0FIE/rG IXYAnRFGSnxm0z+/Y2HVg61L2/RMOMlX =ElWk -----END PGP SIGNATURE-----
--- End Message ---
