Your message dated Wed, 29 Nov 2017 07:34:00 +0000
with message-id <e1ejwsa-0004xk...@fasolo.debian.org>
and subject line Bug#882034: fixed in ruby-redis-store 1.3.0-2
has caused the Debian Bug report #882034,
regarding ruby-redis-store: CVE-2017-1000248
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
882034: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882034
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ruby-redis-store
Version: 1.1.6-1
Severity: grave
Tags: patch security upstream
Forwarded: https://github.com/redis-store/redis-store/issues/289
Control: found -1 1.3.0-1

Hi,

the following vulnerability was published for ruby-redis-store.

CVE-2017-1000248[0]:
| Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-1000248
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000248
[1] https://github.com/redis-store/redis-store/issues/289

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: ruby-redis-store
Source-Version: 1.3.0-2

We believe that the bug you reported is fixed in the latest version of
ruby-redis-store, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 882...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Cédric Boutillier <bou...@debian.org> (supplier of updated ruby-redis-store package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 Nov 2017 00:36:16 +0100
Source: ruby-redis-store
Binary: ruby-redis-store
Architecture: source
Version: 1.3.0-2
Distribution: experimental
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Cédric Boutillier <bou...@debian.org>
Description:
 ruby-redis-store - redis stores for Ruby frameworks
Closes: 882034
Changes:
 ruby-redis-store (1.3.0-2) experimental; urgency=medium
 .
   * Team upload
   * Import patch from upstream
     + fixes [CVE-2017-1000248] allowing unsafe objects to be loaded from redis
     + (Closes: #882034)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
