Bug#710351: marked as done (ruby-passenger: CVE-2013-2119)

Tue, 29 Oct 2013 14:22:00 -0700 

Your message dated Tue, 29 Oct 2013 21:17:41 +0000
with message-id <e1vbgfv-0001lo...@franck.debian.org>
and subject line Bug#710351: fixed in ruby-passenger 3.0.13debian-1+deb7u1
has caused the Debian Bug report #710351,
regarding ruby-passenger: CVE-2013-2119
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
710351: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710351
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: ruby-passenger
Severity: grave
Tags: security
Justification: user security hole

Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2119
for details and fixes.

This doesn't warrant a a DSA, but can be fixed through a point update.

Cheers,
        Moritz

--- End Message ---
--- Begin Message --- 
Source: ruby-passenger
Source-Version: 3.0.13debian-1+deb7u1

We believe that the bug you reported is fixed in the latest version of
ruby-passenger, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 710...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Felix Geyer <fge...@debian.org> (supplier of updated ruby-passenger package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 14 Oct 2013 22:43:07 +0200
Source: ruby-passenger
Binary: ruby-passenger libapache2-mod-passenger ruby-passenger-doc
Architecture: source amd64 all
Version: 3.0.13debian-1+deb7u1
Distribution: wheezy
Urgency: low
Maintainer: Debian Ruby Extras Maintainers 
<pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Felix Geyer <fge...@debian.org>
Description: 
 libapache2-mod-passenger - Rails and Rack support for Apache2
 ruby-passenger - Rails and Rack support for Apache2 and Nginx
 ruby-passenger-doc - Rails and Rack support for Apache2 - Documentation
Closes: 710351 717176
Changes: 
 ruby-passenger (3.0.13debian-1+deb7u1) wheezy; urgency=low
 .
   * Fix CVE-2013-2119 and CVE-2013-4136: insecure tmp files usage.
     (Closes: #710351, #717176)
     - Backport upstream commits in CVE-2013-2119.patch and CVE-2013-4136.patch
Checksums-Sha1: 
 1a7c7f476389b482c0e5706d8a20aa677c18239e 2525 
ruby-passenger_3.0.13debian-1+deb7u1.dsc
 080396c8988a10eca97337558c116c33e7c604c0 15678 
ruby-passenger_3.0.13debian-1+deb7u1.debian.tar.gz
 74146f8a923b3fe1776d34ba390892a2fdd22945 1578642 
ruby-passenger_3.0.13debian-1+deb7u1_amd64.deb
 65e7bd4a3eda498c77251d56b02b6c1d9a9ad295 245978 
libapache2-mod-passenger_3.0.13debian-1+deb7u1_amd64.deb
 3f1fcc35cd1930e07a6e4c8a57b837f8b4539801 412068 
ruby-passenger-doc_3.0.13debian-1+deb7u1_all.deb
Checksums-Sha256: 
 3d1697043c75a085a9132079daee84caf1e492b70adb8ff7598e1e875fd8bf19 2525 
ruby-passenger_3.0.13debian-1+deb7u1.dsc
 6fa0d06d3531751d5fd54a37b8bb19213eba6c5d8a3d336470461023d725296c 15678 
ruby-passenger_3.0.13debian-1+deb7u1.debian.tar.gz
 96a7bc1b41c6a80adac6b5cc7a95b173765194eb3ae45d4739bcc5e14673a12c 1578642 
ruby-passenger_3.0.13debian-1+deb7u1_amd64.deb
 c9e452db7cde30ff0388577bc76fb75483c8ea8c0662976c787a010339de9e15 245978 
libapache2-mod-passenger_3.0.13debian-1+deb7u1_amd64.deb
 79fed93bf43fc49935533109d62b663bd22950a8e746f082b66a01bce219aa15 412068 
ruby-passenger-doc_3.0.13debian-1+deb7u1_all.deb
Files: 
 1a6ae77dfe375f4d0342bc7e74836ca4 2525 ruby optional 
ruby-passenger_3.0.13debian-1+deb7u1.dsc
 3815533e46f6f2cecc2f2000bb69c3ca 15678 ruby optional 
ruby-passenger_3.0.13debian-1+deb7u1.debian.tar.gz
 fb1d8b05f681cfe95ee4bc1e83680120 1578642 ruby optional 
ruby-passenger_3.0.13debian-1+deb7u1_amd64.deb
 76b779400854b3ee2b1aa9f2bf17081a 245978 web optional 
libapache2-mod-passenger_3.0.13debian-1+deb7u1_amd64.deb
 5485408b5bf3861a9c5a8a0f030804cf 412068 doc optional 
ruby-passenger-doc_3.0.13debian-1+deb7u1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBCAAGBQJSa86EAAoJEP4ixv2DE11FeDoP/jmr5ThxjTyTEPkA9gWrTazG
g8m1pTmN+xiJL4BKNOM+R8D4vfUv6SWru4tlspT1222RoBkKdOIqLHRpODTc5wNe
Ki0zmwfw69zMMJb8OfgSiz03334TNSOKTGzm6m60C7L6eQgEXTB06YpXLvl64Y4T
u0Y8Jv+Ip40FEuieuHuPL2jRZ41vFMeYvoCH1rN7t2PqonxVnBICyksFiym1Dluj
dqWofBBTm6o1eWBJ90Jf3SGK9FyCfK8ZPJaoJbUNPiYevPILbETI0l8MsAfYSHxG
PaRwzr8Lit3US+GjkbVxxzuljXlCId3YIv0ublY4D7vJiR9dPlTPqIJFZOTh7UnZ
pEsxiG7hYcF21anUTEIHxSGPvd8CvHbPyKTaKrmClMSgbn0C1taiPAd2BmiLQHdp
sTU29KAgkBUcvFoAM5SbpOPDE+eKHAOH45OziAsiv96PZh+R5nh8UUZE3SxbH7eu
LHJLHUBM94VaaipYyCTbueoX0KMIaJlQ6bS2GifhZYUe8ByCgXNBiCK61C3bpfuk
pjMOixaCGVnr/ZivzebxLOJH9URibID8HbRvUhvaypcwOH5loOGVCzq6eNy5gzIs
NeMbW1J7oIcWasB3LdDsBG5/FkBBK6y1MbdpRj00o9i/oZ8TEmdFo8CJJ/b+4i7r
UV7F+X2C1wLoEUofn2cn
=sUSV
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to