Your message dated Tue, 12 Feb 2013 19:48:47 +0000 with message-id <e1u5lqr-0007oc...@franck.debian.org> and subject line Bug#699929: fixed in ruby1.9.1 1.9.3.194-6 has caused the Debian Bug report #699929, regarding ruby1.9.1: CVE-2013-0256 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 699929: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699929 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: ruby1.9.1 Severity: grave Tags: security, patch Justification: user security hole X-Debbugs-CC: t...@security.debian.org Hi, Ruby 1.9.3-p385 is released. This contains the problem of CVE-2013-0256. Please see these links for details: http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256/ And I created a patch which revise this. I attached. Best regards, Nobuhiro -- Nobuhiro Iwamatsu iwamatsu at {nigauri.org / debian.org} GPG ID: 40AD1FA6
--- End Message ---
--- Begin Message ---Source: ruby1.9.1 Source-Version: 1.9.3.194-6 We believe that the bug you reported is fixed in the latest version of ruby1.9.1, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 699...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Antonio Terceiro <terce...@debian.org> (supplier of updated ruby1.9.1 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Tue, 12 Feb 2013 16:00:30 -0300 Source: ruby1.9.1 Binary: ruby1.9.1 libruby1.9.1 libruby1.9.1-dbg ruby1.9.1-dev libtcltk-ruby1.9.1 ruby1.9.1-examples ri1.9.1 ruby1.9.1-full ruby1.9.3 Architecture: source all amd64 Version: 1.9.3.194-6 Distribution: unstable Urgency: high Maintainer: akira yamada <ak...@debian.org> Changed-By: Antonio Terceiro <terce...@debian.org> Description: libruby1.9.1 - Libraries necessary to run Ruby 1.9.1 libruby1.9.1-dbg - Debugging symbols for Ruby 1.9.1 libtcltk-ruby1.9.1 - Tcl/Tk interface for Ruby 1.9.1 ri1.9.1 - Ruby Interactive reference (for Ruby 1.9.1) ruby1.9.1 - Interpreter of object-oriented scripting language Ruby ruby1.9.1-dev - Header files for compiling extension modules for the Ruby 1.9.1 ruby1.9.1-examples - Examples for Ruby 1.9 ruby1.9.1-full - Ruby 1.9.1 full installation ruby1.9.3 - Interpreter of object-oriented scripting language Ruby, version 1 Closes: 699929 Changes: ruby1.9.1 (1.9.3.194-6) unstable; urgency=high . [Nobuhiro Iwamatsu] * debian/patches/CVE-2013-0256.patch: fix possible cross site scripting vulnerability in documentation generated by RDOC (Closes: #699929) Checksums-Sha1: 10dfc0476953e402059f6ef2fb6bd08e7c47ec16 1994 ruby1.9.1_1.9.3.194-6.dsc 227ef0efb141070bf75d771adce859a78598d2fd 57898 ruby1.9.1_1.9.3.194-6.debian.tar.gz 53d0a01fe4b994c0f490949b8a67b6b4a7ed254b 232932 ruby1.9.1-examples_1.9.3.194-6_all.deb ab884c1b94d37e5d5f46afb448837816e843c957 2172842 ri1.9.1_1.9.3.194-6_all.deb ac20a40db9a3c01da2dfbd8808b30ef1613b56a1 171010 ruby1.9.1-full_1.9.3.194-6_all.deb e259431b9fefa50f57ac98e7b50b1ae3d775bb3c 171584 ruby1.9.3_1.9.3.194-6_all.deb f5e8142c5fe10f0e0098a4884fbb7549dc04eaa2 207940 ruby1.9.1_1.9.3.194-6_amd64.deb dc64e794f9300acf7be8b5de700eda0fabaa12e3 4414402 libruby1.9.1_1.9.3.194-6_amd64.deb 39022ea220b7c8f9507f31d078fd4ac01fb19b56 4558882 libruby1.9.1-dbg_1.9.3.194-6_amd64.deb 2f622177cb73d231c60e524d0024ff12e3e36cbc 1384144 ruby1.9.1-dev_1.9.3.194-6_amd64.deb e9de4290b1b041658e7a4bafd05d74e0a3545f14 1959122 libtcltk-ruby1.9.1_1.9.3.194-6_amd64.deb Checksums-Sha256: e9dc4da10327996c061e5c60b5cc2c0e52606348220ab7cab90686d01c3e219b 1994 ruby1.9.1_1.9.3.194-6.dsc 792be635f7ca904dbba21b452f55892fffd3cd3ef217b9b7ebd1a5385298e913 57898 ruby1.9.1_1.9.3.194-6.debian.tar.gz 419774f01f330e49c755bd715835c9e36dfd2c7b0bd1f48e1119e01e354254cc 232932 ruby1.9.1-examples_1.9.3.194-6_all.deb 89c4e5660b25b5ead7f5e7c3013ff2a6393b1e42cd8092b72e6827ea4c57d633 2172842 ri1.9.1_1.9.3.194-6_all.deb b638765f2ca24ca5740fe645a8c0898984ec1c77f8fdecd11ce6824bdc8b8f6d 171010 ruby1.9.1-full_1.9.3.194-6_all.deb fec40fd8c4a84de4afbb5c1ca37b6710780fb265b60996719ba304da38090ac8 171584 ruby1.9.3_1.9.3.194-6_all.deb 099edb9f8ba800a38934a164f0f6c2b0f8d5a3efb5132ee0c1cc57f9ab3c4f94 207940 ruby1.9.1_1.9.3.194-6_amd64.deb 4c4d708e69af9795b32460f91d8103ae67c449a80c25ccb814f07bbacf7a9ee4 4414402 libruby1.9.1_1.9.3.194-6_amd64.deb 5cc495ead16954dd48cb016e3d8e9becc83ca0f50be23cb4b006d59c8adabea8 4558882 libruby1.9.1-dbg_1.9.3.194-6_amd64.deb 0948fd3b543f2f971ceca6d2e5c22c4d007ef5cb281539b15a42a656bfe85dd3 1384144 ruby1.9.1-dev_1.9.3.194-6_amd64.deb 27e61383791494915999146f3f43d55241f35d1e6abd3bd4532bfde411727091 1959122 libtcltk-ruby1.9.1_1.9.3.194-6_amd64.deb Files: 46f87cdc00d37c29e333dc0a11c02be9 1994 ruby optional ruby1.9.1_1.9.3.194-6.dsc 927918eaa236261eac7a09449f727403 57898 ruby optional ruby1.9.1_1.9.3.194-6.debian.tar.gz b09cc254e8eff54152ecc828b31721f6 232932 ruby optional ruby1.9.1-examples_1.9.3.194-6_all.deb e0294808995d85c0416fede0f01085b4 2172842 ruby optional ri1.9.1_1.9.3.194-6_all.deb f62032d44c137ef1f2dfb0a1cf460912 171010 ruby optional ruby1.9.1-full_1.9.3.194-6_all.deb 6d6d911a3fd0bc037b22a9326014d2f3 171584 ruby optional ruby1.9.3_1.9.3.194-6_all.deb 71521ff86bcd4f14f39aa123786f0032 207940 ruby optional ruby1.9.1_1.9.3.194-6_amd64.deb fe18794af3fe495bfa34ada39fe9df76 4414402 libs optional libruby1.9.1_1.9.3.194-6_amd64.deb 4ea0b8c38c188db3810ea623bd49ec1d 4558882 debug extra libruby1.9.1-dbg_1.9.3.194-6_amd64.deb 86473ed8a036cbd72145b3b11e6a79c3 1384144 ruby optional ruby1.9.1-dev_1.9.3.194-6_amd64.deb c775d0e4a875f90ca36d64571bd01cb1 1959122 ruby optional libtcltk-ruby1.9.1_1.9.3.194-6_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlEamZgACgkQDOM8kQ+cso/waQCgpCMmwdKjYL4hgp2SlHM/xAnh i04AnAupoxg4rllPxTR1+TtwcC0RKG+y =vXZS -----END PGP SIGNATURE-----
--- End Message ---
