Your message dated Wed, 06 Mar 2013 12:47:41 +0000
with message-id <e1uddkz-0004nj...@franck.debian.org>
and subject line Bug#702217: fixed in ruby-openid 2.1.8debian-6
has caused the Debian Bug report #702217,
regarding CVE-2013-1812: DoS
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
702217: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702217
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ruby-openid
Severity: grave
Tags: security
Justification: user security hole
This was assigned CVE-2013-1812:
https://github.com/openid/ruby-openid/pull/43
Patch:
https://github.com/openid/ruby-openid/commit/a3693cef06049563f5b4e4824f4d3211288508ed
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: ruby-openid
Source-Version: 2.1.8debian-6
We believe that the bug you reported is fixed in the latest version of
ruby-openid, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 702...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Cédric Boutillier <cedric.boutill...@gmail.com> (supplier of updated
ruby-openid package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 06 Mar 2013 11:56:30 +0100
Source: ruby-openid
Binary: ruby-openid libopenid-ruby libopenid-ruby1.8
Architecture: source all
Version: 2.1.8debian-6
Distribution: unstable
Urgency: high
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Cédric Boutillier <cedric.boutill...@gmail.com>
Description:
 libopenid-ruby - Transitional package for ruby-openid
 libopenid-ruby1.8 - Transitional package for ruby-openid
 ruby-openid - Ruby library for verifying and serving OpenID identities
Closes: 702217
Changes:
 ruby-openid (2.1.8debian-6) unstable; urgency=high
 .
   * Urgency set to high as a security bug is fixed.
   * debian/patches:
     - add 02_fix_CVE-2013-1812.patch from upstream: limit fetching file size
       and disable XML entity expansion. [CVE-2013-1812] (Closes: #702217).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---