Your message dated Wed, 27 Feb 2013 08:47:31 +0000
with message-id <e1uacfj-0002n9...@franck.debian.org>
and subject line Bug#698440: fixed in ruby-rack 1.4.1-2.1
has caused the Debian Bug report #698440,
regarding ruby-rack: CVE-2012-6109 CVE-2013-0184 CVE-2013-0183
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
698440: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698440
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ruby-rack
Severity: grave
Tags: security
Justification: user security hole

Please see these links for details:
http://seclists.org/oss-sec/2013/q1/80
http://seclists.org/oss-sec/2013/q1/83

Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: ruby-rack
Source-Version: 1.4.1-2.1

We believe that the bug you reported is fixed in the latest version of
ruby-rack, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 698...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
KURASHIKI Satoru <lur...@gmail.com> (supplier of updated ruby-rack package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 20 Feb 2013 20:56:31 +0900
Source: ruby-rack
Binary: ruby-rack librack-ruby1.9.1 librack-ruby1.8 librack-ruby
Architecture: source all
Version: 1.4.1-2.1
Distribution: unstable
Urgency: high
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: KURASHIKI Satoru <lur...@gmail.com>
Description:
 librack-ruby - Transitional package for ruby-rack
 librack-ruby1.8 - Transitional package for ruby-rack
 librack-ruby1.9.1 - Transitional package for ruby-rack
 ruby-rack  - Modular Ruby webserver interface
Closes: 698440 700173
Changes:
 ruby-rack (1.4.1-2.1) unstable; urgency=high
 .
   [ KURASHIKI Satoru ]
   * Non-maintainer upload.
   * Create cherry-picked patches for Security Fix (Closes: #700173 #700226).
     - CVE-2013-0262: 0004-Prevent-symlink-path-traversals.patch
     - CVE-2013-0263: 0005-Use-secure_compare-for-hmac-comparison.patch
 .
   [ Youhei SASAKI ]
   * Create cherry-picked patches for Security Fix (Closes: #698440).
     - CVE-2012-6109: 0001-Fix-parsing-performance-for-unquoted-filenames.patch
     - CVE-2013-0183: 0002-multipart-parser-avoid-unbounded-gets-method.patch
     - CVE-2013-0184: 0003-Reimplement-auth-scheme-fix.patch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---