Your message dated Thu, 05 Dec 2013 21:17:32 +0000
with message-id <e1vogie-0004cx...@franck.debian.org>
and subject line Bug#714543: fixed in ruby1.9.1 1.9.3.194-8.1+deb7u1
has caused the Debian Bug report #714543,
regarding ruby1.9.1: CVE-2013-4073: Hostname check bypassing vulnerability in
SSL client
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
714543: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714543
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ruby1.9.1
Severity: grave
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for ruby1.9.1.
CVE-2013-4073[0]:
Hostname check bypassing vulnerability in SSL client
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4073
http://security-tracker.debian.org/tracker/CVE-2013-4073
[1] http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/
[2] https://github.com/ruby/ruby/commit/2669b84d407ab431e965145c827db66c91158f89
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ruby1.9.1
Source-Version: 1.9.3.194-8.1+deb7u1
We believe that the bug you reported is fixed in the latest version of
ruby1.9.1, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 714...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Antonio Terceiro <terce...@debian.org> (supplier of updated ruby1.9.1 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 30 May 2013 23:21:11 -0300
Source: ruby1.9.1
Binary: ruby1.9.1 libruby1.9.1 libruby1.9.1-dbg ruby1.9.1-dev
libtcltk-ruby1.9.1 ruby1.9.1-examples ri1.9.1 ruby1.9.1-full ruby1.9.3
Architecture: source all amd64
Version: 1.9.3.194-8.1+deb7u1
Distribution: stable-security
Urgency: low
Maintainer: akira yamada <ak...@debian.org>
Changed-By: Antonio Terceiro <terce...@debian.org>
Description:
libruby1.9.1 - Libraries necessary to run Ruby 1.9.1
libruby1.9.1-dbg - Debugging symbols for Ruby 1.9.1
libtcltk-ruby1.9.1 - Tcl/Tk interface for Ruby 1.9.1
ri1.9.1 - Ruby Interactive reference (for Ruby 1.9.1)
ruby1.9.1 - Interpreter of object-oriented scripting language Ruby
ruby1.9.1-dev - Header files for compiling extension modules for the Ruby 1.9.1
ruby1.9.1-examples - Examples for Ruby 1.9
ruby1.9.1-full - Ruby 1.9.1 full installation
ruby1.9.3 - Interpreter of object-oriented scripting language Ruby, version 1
Closes: 714543
Changes:
ruby1.9.1 (1.9.3.194-8.1+deb7u1) stable-security; urgency=low
.
* debian/patches/CVE-2013-2065.patch: add upstream patch to fix object taint
bypassing in libraries to handle native code through dlopen().
* debian/patches/CVE-2013-4073.patch: fix hostname check bypassing
vulnerability in SSL client. Thanks to Salvatore Bonaccorso.
Closes: #714543
Checksums-Sha1:
Checksums-Sha256:
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlICQeUACgkQDOM8kQ+cso9zmQCfRmSGo3m6Gli0LVBHvlfItM9p
OQkAnjPWNFpfBVkRslmSUPm8gU1tHDxv
=oXmP
-----END PGP SIGNATURE-----
--- End Message ---