Your message dated Mon, 14 Apr 2014 10:49:37 +0200
with message-id <20140414084937.ga29...@inutil.org>
and subject line Re: Bug#742706: ruby-net-ldap: CVE-2014-0083
has caused the Debian Bug report #742706,
regarding ruby-net-ldap: CVE-2014-0083
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
742706: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742706
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ruby-net-ldap
Severity: grave
Tags: security
Justification: user security hole

Hi,
please see https://bugzilla.redhat.com/show_bug.cgi?id=1065086 for details.

Cheers,
        Moritz

--- End Message ---
--- Begin Message ---
On Fri, Mar 28, 2014 at 08:32:06PM +0100, Salvatore Bonaccorso wrote:
> Hi Jonas, hi Moritz,
> 
> On Fri, Mar 28, 2014 at 07:49:18PM +0100, Jonas Genannt wrote:
> > Hello Moritz,
> > 
> > thanks for your report. I have checked the version in Debian, and I think
> > they are not affected by this SSHA salt problem:
> > 
> > 
> > http://anonscm.debian.org/gitweb/?p=pkg-ruby-extras/ruby-net-ldap.git;a=blob;f=lib/net/ldap/password.rb;h=503c7fe6b30870a7a33890f74b1da060cff40399;hb=HEAD
> > 
> > Upstream (newer version) with SSHA:
> >     
> > https://github.com/ruby-ldap/ruby-net-ldap/blob/master/lib/net/ldap/password.rb
> > 
> > I think we can close the bug?
> 
> I think you are right. The SSHA support was included upstream in
> v0.5.0 according to git blame. So as long as in Debian we do not have an
> upload of the current version of ruby-net-ldap we could close this bug.
> 
> I have marked the entry as not-affected but added the above note about
> the version introducing the support.
> 
> AFAICS (only from a very quick look) upstream has not yet fixed this
> issue.

Closing the bug, then.

Cheers,
        Moritz

--- End Message ---
