Bug#798466: marked as done (ruby-devise-two-factor: CVE-2015-7225: TOTP Replay Attack)

Thu, 17 Sep 2015 11:40:07 -0700 

Your message dated Thu, 17 Sep 2015 18:36:13 +0000
with message-id <e1zce2x-0002vx...@franck.debian.org>
and subject line Bug#798466: fixed in ruby-devise-two-factor 2.0.0-1
has caused the Debian Bug report #798466,
regarding ruby-devise-two-factor: CVE-2015-7225: TOTP Replay Attack
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
798466: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798466
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: ruby-devise-two-factor
Severity: grave
Tags: security
Justification: user security hole

Hi,
please see http://www.openwall.com/lists/oss-security/2015/09/06/2
for details.

Cheers,
        Moritz

--- End Message ---
--- Begin Message --- 
Source: ruby-devise-two-factor
Source-Version: 2.0.0-1

We believe that the bug you reported is fixed in the latest version of
ruby-devise-two-factor, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 798...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Balasankar C <balasank...@autistici.org> (supplier of updated 
ruby-devise-two-factor package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 17 Sep 2015 23:35:16 +0530
Source: ruby-devise-two-factor
Binary: ruby-devise-two-factor
Architecture: source all
Version: 2.0.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers 
<pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Balasankar C <balasank...@autistici.org>
Description:
 ruby-devise-two-factor - Barebones two-factor authentication with Devise
Closes: 798466
Changes:
 ruby-devise-two-factor (2.0.0-1) unstable; urgency=medium
 .
   * Upstream update.
   * Upstream fixed CVE-2015-7225 (Closes: #798466)
   * Bump debhelper compatibility to 9
Checksums-Sha1:
 79b7937d6cfe3c34c809679934a47b0b9b41fded 1980 
ruby-devise-two-factor_2.0.0-1.dsc
 a9b3a683c62cb3a85b69352fcd22942976ab0910 31864 
ruby-devise-two-factor_2.0.0.orig.tar.gz
 69011bd8b7057cdd5957445172b7c99066a9405a 3024 
ruby-devise-two-factor_2.0.0-1.debian.tar.xz
 090839d598523659abd60ee2f59b8feb77f031d3 12072 
ruby-devise-two-factor_2.0.0-1_all.deb
Checksums-Sha256:
 e1f31844f7899902343926eed7a2df92141b6144e6638a1a41ecd23a32fd469e 1980 
ruby-devise-two-factor_2.0.0-1.dsc
 5502b15dc5fac722776dc35d62cf021504183da60c841dbd6b5b2a335c5e4cc6 31864 
ruby-devise-two-factor_2.0.0.orig.tar.gz
 6e71ee5ceb6628823b117d64254f685d72e368c623630e7fb88d79ceea7dd781 3024 
ruby-devise-two-factor_2.0.0-1.debian.tar.xz
 d337675da72d86c3f38f5a61dc02b71578d944b0f6d1ee5e1ff39159ce5b3472 12072 
ruby-devise-two-factor_2.0.0-1_all.deb
Files:
 a21ab74517c8d75c57ad01733bacead5 1980 ruby optional 
ruby-devise-two-factor_2.0.0-1.dsc
 3c7d2cf0ea4bd93f5229e76335551f61 31864 ruby optional 
ruby-devise-two-factor_2.0.0.orig.tar.gz
 8cf7a11952b0ad4b8b571578a242c1ac 3024 ruby optional 
ruby-devise-two-factor_2.0.0-1.debian.tar.xz
 e79b91d8dc9e07e31369474673feb875 12072 ruby optional 
ruby-devise-two-factor_2.0.0-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCgAGBQJV+wR6AAoJEJbtq5sua3FxLCwH/jDrIDEmdXcmvh1KZKtyoeR2
vzJdtWgFDq1NIyOHcMGO4V/Jdxajyr8KbsGGD3RHgP1K+M8kL5vM2BA0qhoxHkIe
fpKKAVct59XFTxVpUCf171cBwsjCASyzMs2u+dFZK78IbSF20A2AKPLVz2BCvK0v
MniA8Cms0JOVIEkFbz9OH8ZkolxIrrAfTeaSoCPp19VNbBg3kFR4yN0EIEfcTjaY
5hA7jB0QndU/oxQf22bj+5WSpB2gj2JWHuHhnD6MD50slzPbLj/vjAj0tqd0QYvB
6zwg4CDJ/dSpq8tqR46iIgbTXGtKKPikoOUGBQ56Gqzo22B+ol6Y9BLfBx9Zgzs=
=4J5f
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to