Your message dated Wed, 23 Aug 2017 09:19:14 +0000
with message-id <e1dkrog-000hps...@fasolo.debian.org>
and subject line Bug#870852: fixed in rubocop 0.49.1+dfsg-1
has caused the Debian Bug report #870852,
regarding rubocop: CVE-2017-8418
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
870852: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870852
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: rubocop
Version: 0.48.1+dfsg-1
Severity: grave
Tags: patch security upstream
Forwarded: https://github.com/bbatsov/rubocop/issues/4336

Hi,

the following vulnerability was published for rubocop.

CVE-2017-8418[0]:
| RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing
| local users to exploit this to tamper with cache files belonging to
| other users.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8418
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8418
[1] https://github.com/bbatsov/rubocop/issues/4336

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: rubocop
Source-Version: 0.49.1+dfsg-1

We believe that the bug you reported is fixed in the latest version of
rubocop, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 870...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastien Badia <sba...@debian.org> (supplier of updated rubocop package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


Format: 1.8
Date: Wed, 23 Aug 2017 10:56:04 +0200
Source: rubocop
Binary: rubocop
Architecture: source
Version: 0.49.1+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Sebastien Badia <sba...@debian.org>
Description:
 rubocop    - Ruby static code analyzer
Closes: 870852
Changes:
 rubocop (0.49.1+dfsg-1) unstable; urgency=medium
 .
   * New upstream version 0.49.1+dfsg
     CVE-2017-8418 fixed upstream (Closes: #870852)
   * d/watch: Integrate orig.tarball dfsg changes (for 'gbp import-orig --uscan')
   * d/patches: Refresh patches according to new upstream
   * d/control:
     + Use my Debian email address
     + Added ruby-parallel as BD (new deps.)
     + Added missing Testsuite flag
     + Bump Standard-Version to 4.0.1 (no changes needed)

--- End Message ---
