Bug#770932: marked as done (ruby2.1: CVE-2014-8090)

Debian Bug Tracking System Sun, 30 Nov 2014 08:37:07 -0800

Your message dated Sun, 30 Nov 2014 16:35:25 +0000
with message-id <e1xv7t3-0004ev...@franck.debian.org>
and subject line Bug#770932: fixed in ruby2.1 2.1.5-1
has caused the Debian Bug report #770932,
regarding ruby2.1: CVE-2014-8090
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
770932: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770932
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: ruby2.1
Severity: grave
Tags: security

Hi,
please see
https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/
for details.

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: ruby2.1
Source-Version: 2.1.5-1

We believe that the bug you reported is fixed in the latest version of
ruby2.1, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 770...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Antonio Terceiro <terce...@debian.org> (supplier of updated ruby2.1 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 29 Nov 2014 12:30:39 -0200
Source: ruby2.1
Binary: ruby2.1 libruby2.1 ruby2.1-dev ruby2.1-doc ruby2.1-tcltk
Architecture: source all
Version: 2.1.5-1
Distribution: unstable
Urgency: medium
Maintainer: Antonio Terceiro <terce...@debian.org>
Changed-By: Antonio Terceiro <terce...@debian.org>
Description:
 libruby2.1 - Libraries necessary to run Ruby 2.1
 ruby2.1    - Interpreter of object-oriented scripting language Ruby
 ruby2.1-dev - Header files for compiling extension modules for the Ruby 2.1
 ruby2.1-doc - Documentation for Ruby 2.1
 ruby2.1-tcltk - Ruby/Tk for Ruby 2.1
Closes: 769731 770932
Changes:
 ruby2.1 (2.1.5-1) unstable; urgency=medium
 .
   * New upstream release
     - Fixes CVE-2014-8090 Another Denial of Service XML Expansion
       (Closes: #770932)
     - Fixes build on SPARC (Closes: #769731)
Checksums-Sha1:
 f9fd6ab53d5621b88669489f1f0861eae8b0208d 2406 ruby2.1_2.1.5-1.dsc
 4c70a84f0e88f553235b3e0c2619c193251d4652 8026484 ruby2.1_2.1.5.orig.tar.xz
 28899f94e1f1dc4aa47e9b3261a86ea762430d63 84196 ruby2.1_2.1.5-1.debian.tar.xz
 02f939f5cf7d1e87e6a7e26dd6e2f76da1026179 3367516 ruby2.1-doc_2.1.5-1_all.deb
Checksums-Sha256:
 fe8372daa73dc839fad1115344c1309dfb08c7eec54f859beee0b2dcb89a73c7 2406 
ruby2.1_2.1.5-1.dsc
 0f8d9b15b38ee8b9a59dd9504404789cd8941da2c3ea079535e24f95e0f7ddc1 8026484 
ruby2.1_2.1.5.orig.tar.xz
 f295e218e7487abd642eab49652a630ac93810a8b53f233258d0b60ebfe14e24 84196 
ruby2.1_2.1.5-1.debian.tar.xz
 95e20cd3d2a6205590de2ebc920a7036851612faf3f682ac141f520a9e93ac93 3367516 
ruby2.1-doc_2.1.5-1_all.deb
Files:
 102cad39a14eb3e03355cffec60c5c48 2406 ruby extra ruby2.1_2.1.5-1.dsc
 1fe7f8fe73a3deba9363f391c1083e94 8026484 ruby extra ruby2.1_2.1.5.orig.tar.xz
 80c2ddf893e9193263066b61f07de76b 84196 ruby extra ruby2.1_2.1.5-1.debian.tar.xz
 1bf221581175f72e3f7cb407b1e13bd0 3367516 doc extra ruby2.1-doc_2.1.5-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJUezJqAAoJEPwNsbvNRgveeycQAIotq1aI+POaeztiVjWfYxaL
uwlOaj7ZKfvVmriAKVt7/O5I0jEXiKCY4nth4PckhXlf7J69coA7z/XJeIDqUjVu
apPipTgpRUXzAtgMUEeuXEfCjJ/H3DRKJNOlToZJ/y5jUgZGh5rP1bNzuMJYclxS
aSaW4wCNrM3Vy+RZK2xBIcqsrpimyvHfecTgFBwy2FdReb7aAg238uXyvNTakwae
Np1YS9u+n5lDCx7+uQ3QqvFncZpFhlJDiBg+CURj4Mhm7+45oGKg3TY6bodx1m0z
0CosJ64FSZfyw6bn3/IPoTJYj5QejolL4T/VthxFEUj/8KcoL2jCTK3o4ZyGYaHc
vOGKNvDJvczNLqES2jIkG+rlbM6tG8xf55geSiZJpzBYvtTDQdy2T0/eaBXzEN/x
2kGqV4T0s/ULUimSvPntmiaLYnoTRhwxDvnXHPV0ph/1hK6NTFh/CcylHlbH0vvp
HQ1em600W20vAqqkDgDUbKzEg9F8zBc4O7qN75WeOhnmQfQ2vqUXDb5+WgIeXEa9
GBnsx3vIpfWBUxZkc+AeVgZHXHmQ9kOTD1F/bwp3NOM4MLGOizGC6CbqYMNXAOuB
yKZX3IQHttERyy9di1A4vtf63X9LcbYW8PxPmco5qEFR0sMZNdoCzY13MK+bq3ep
RFgocP1xStoegd1QFZiz
=P5ol
-----END PGP SIGNATURE-----

--- End Message ---

Bug#770932: marked as done (ruby2.1: CVE-2014-8090)

Reply via email to