Bug#710351: marked as done (ruby-passenger: CVE-2013-2119)

Thu, 30 May 2013 11:28:01 -0700 

Your message dated Thu, 30 May 2013 18:22:49 +0000
with message-id <e1ui7uv-0000eq...@franck.debian.org>
and subject line Bug#710351: fixed in ruby-passenger 3.0.13debian-1.1
has caused the Debian Bug report #710351,
regarding ruby-passenger: CVE-2013-2119
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
710351: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710351
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: ruby-passenger
Severity: grave
Tags: security
Justification: user security hole

Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2119
for details and fixes.

This doesn't warrant a a DSA, but can be fixed through a point update.

Cheers,
        Moritz

--- End Message ---
--- Begin Message --- 
Source: ruby-passenger
Source-Version: 3.0.13debian-1.1

We believe that the bug you reported is fixed in the latest version of
ruby-passenger, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 710...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Felix Geyer <fge...@debian.org> (supplier of updated ruby-passenger package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 30 May 2013 09:27:46 +0200
Source: ruby-passenger
Binary: ruby-passenger libapache2-mod-passenger ruby-passenger-doc
Architecture: source amd64 all
Version: 3.0.13debian-1.1
Distribution: unstable
Urgency: low
Maintainer: Debian Ruby Extras Maintainers 
<pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Felix Geyer <fge...@debian.org>
Description: 
 libapache2-mod-passenger - Rails and Rack support for Apache2
 ruby-passenger - Rails and Rack support for Apache2 and Nginx
 ruby-passenger-doc - Rails and Rack support for Apache2 - Documentation
Closes: 707063 710351
Changes: 
 ruby-passenger (3.0.13debian-1.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * Transition towards Apache 2.4. (Closes: #707063)
     - Build-depend on apache2-dev and apache2.
     - Use apache2 dh helper.
     - Drop libapache2-mod-passenger maintainer scripts, now handled by
       dh_apache2.
   * Fix buiding against glibc 2.17.
     - Add fix_ftbfs_glibc217.patch, cherry-picked from upstream.
   * Fix CVE-2013-2119: insecure temporary file usage. (Closes: #710351)
     - Add CVE-2013-2119.patch, cherry-picked from upstream.
Checksums-Sha1: 
 0b600b4950ccf110744faeb37455f021148eefae 2489 
ruby-passenger_3.0.13debian-1.1.dsc
 a7d2a8dcb2f815a3429cee9161a20802afe6c70a 14140 
ruby-passenger_3.0.13debian-1.1.debian.tar.gz
 b032e21dbbd89590c3a7257fa6bb6d2edaaf4d1b 1514128 
ruby-passenger_3.0.13debian-1.1_amd64.deb
 bd265f8b05215f17f6d2f778b7389cd4d7c2006d 244168 
libapache2-mod-passenger_3.0.13debian-1.1_amd64.deb
 46ad093d1e1936a66a2032cf3c5819ec5d6ee5da 412156 
ruby-passenger-doc_3.0.13debian-1.1_all.deb
Checksums-Sha256: 
 527e2036cb1cf8e07d24cf72481cf8934023f9f524b24c1dde663733518858dc 2489 
ruby-passenger_3.0.13debian-1.1.dsc
 75563b5ca8e51ed3b41e648f88c065b2df8b0d2afbc76462d65bb86fefb0189d 14140 
ruby-passenger_3.0.13debian-1.1.debian.tar.gz
 47522831755d97dc9b2c6a221169dea60831253617d82e99150436414d93a1f3 1514128 
ruby-passenger_3.0.13debian-1.1_amd64.deb
 fa50f529e6fa6b1bd5ebe16bf32fc2f27a9c2e8b88e661b108f6a565a991c492 244168 
libapache2-mod-passenger_3.0.13debian-1.1_amd64.deb
 f0e42f37bd0d566c89838f6f41bf02a4d7ba7b275c048de1cc53c546a61813bc 412156 
ruby-passenger-doc_3.0.13debian-1.1_all.deb
Files: 
 40a6cb41e3d0e0b7ae143d4719dd8359 2489 ruby optional 
ruby-passenger_3.0.13debian-1.1.dsc
 94a45a1ba08af66fb0091493365cd4f2 14140 ruby optional 
ruby-passenger_3.0.13debian-1.1.debian.tar.gz
 e58b167ba0f9ade74d757bd6ebf60d06 1514128 ruby optional 
ruby-passenger_3.0.13debian-1.1_amd64.deb
 205f0163509e4bb56cb5b18711b2db19 244168 web optional 
libapache2-mod-passenger_3.0.13debian-1.1_amd64.deb
 a7a0a317fc48de09152146fa163105c6 412156 doc optional 
ruby-passenger-doc_3.0.13debian-1.1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJRp4xaAAoJEP4ixv2DE11FU9IP/0mcWbGtb5j9pn/9L93Hfm7z
O+Wv120Qrwmw7a5xPyEIeRjz/TOV1Cue1REKHAYFmfamSCLtI1RBbcyzpZnaeCL2
QzG6/yCdkC0wS8bZTqz24SklfVI39qQfM627zLXYuYy+cL08nGB0gcm2vymIVzl8
wJ/ekDwcQBbqk1Ci4TAP01/H0owzooXxjT77kQRjdOdXonC3TgA1uZYGSD5iO+Nx
K5YpcrctnLPNVu2aS7K5yCVDCewVzPc4JMZKJp0OfYvh1DjsjTCnMjaFPYPoW19R
O2Txt5/cb0aXhl2GC/WfUb2MDy0gnrrgZ+I6lnGCFv86UjGYt7r5UdDj0PwGEXsc
hx7NFX5grC9ulsSsKhVlJ8w+7XEtio4opN9hSkJds0PSrzTwEM9WMCtGUqdZeg5U
BCI/OISjNn7asD3xRuQ+v2zzi5d8hO55BI17qjppRXxjHjwuNFDYJC5ARVJ6/bes
7qlOE7jE9Iv0oXGMNWN122dC30vQ/p6pY0xrY/e9MR8LGLuT8wMkmm/SesxLufqn
8DQ+5OoiiMrJfCLRrT23V+wLi1ppUegf5wSi0T6DLqgr7JMnvabOAb8VsQWoVVsV
w/JkEzUKARxttiyxz9f78Q6NDrRbSXfgdNKZ2pS4W4PnSJ4BmLApWR66tJvRVyC3
JiiC77drqjqAG/dwVlTO
=QJfK
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to