Bug#902721: marked as done (CVE-2018-1000539)

[Debian Bug Tracking System]

Your message dated Sat, 01 Sep 2018 12:47:08 +0000
with message-id <e1fw5iy-000j7k...@fasolo.debian.org>
and subject line Bug#902721: fixed in ruby-json-jwt 1.6.2-1+deb9u1
has caused the Debian Bug report #902721,
regarding CVE-2018-1000539
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
902721: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902721
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: ruby-json-jwt
Severity: grave
Tags: security

This was assigned CVE-2018-1000539:
https://github.com/nov/json-jwt/pull/62
https://github.com/nov/json-jwt/commit/3393f394f271c87bd42ec23c300727b4437d1638

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: ruby-json-jwt
Source-Version: 1.6.2-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
ruby-json-jwt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 902...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pirate Praveen <prav...@debian.org> (supplier of updated ruby-json-jwt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 18 Aug 2018 23:32:06 +0530
Source: ruby-json-jwt
Binary: ruby-json-jwt
Architecture: source all
Version: 1.6.2-1+deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers 
<pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Pirate Praveen <prav...@debian.org>
Description:
 ruby-json-jwt - JSON Web Token and its family in Ruby
Closes: 902721
Changes:
 ruby-json-jwt (1.6.2-1+deb9u1) stretch-security; urgency=medium
 .
   * Fixes: CVE-2018-1000539 (Closes: #902721)
Checksums-Sha1:
 414b750ecdbb9f18bca32aff6ce6a40e807b9ed4 2221 ruby-json-jwt_1.6.2-1+deb9u1.dsc
 da6c80c938ee3bff65d86928eceb78e68f0ccbc3 21870 ruby-json-jwt_1.6.2.orig.tar.gz
 42b81bba0d98b5e291d6b3344c5d678b680f5ac3 3180 
ruby-json-jwt_1.6.2-1+deb9u1.debian.tar.xz
 344447a7913df92d0c377d9e1821e4d1e6ad0c1e 9160 
ruby-json-jwt_1.6.2-1+deb9u1_all.deb
 9310a7786c747006b79f7ad8268de0de360511d6 7600 
ruby-json-jwt_1.6.2-1+deb9u1_amd64.buildinfo
Checksums-Sha256:
 b0efdf4b17e4359dab6b172ddfec93483fcad31e46027b41fb4d52c39991e441 2221 
ruby-json-jwt_1.6.2-1+deb9u1.dsc
 bc10d11254d60aa84c539d2a69ffcd2611535dc42120a0e6a242f63d4bcc7d7c 21870 
ruby-json-jwt_1.6.2.orig.tar.gz
 ddfed631888079c0887b9fa43f1f24512594004ab65fe442b19f19ae5c956d25 3180 
ruby-json-jwt_1.6.2-1+deb9u1.debian.tar.xz
 02a4fcb7e56562f40c2b4808e4bfd3e27b765cb78a844dd4a97377d3751a95c2 9160 
ruby-json-jwt_1.6.2-1+deb9u1_all.deb
 d57f5fe221e41bb29f0a0a096e7dad1c83397c9734c60d6be0f67c028598316d 7600 
ruby-json-jwt_1.6.2-1+deb9u1_amd64.buildinfo
Files:
 003bf9b15f417749d56a10b19ea146b3 2221 ruby optional 
ruby-json-jwt_1.6.2-1+deb9u1.dsc
 aecdd332419f64d9aca527ddbf946a93 21870 ruby optional 
ruby-json-jwt_1.6.2.orig.tar.gz
 2879d7b377e3aac09cca241f346a45c2 3180 ruby optional 
ruby-json-jwt_1.6.2-1+deb9u1.debian.tar.xz
 431b4c72b1490d70a95ae110fc81a6a8 9160 ruby optional 
ruby-json-jwt_1.6.2-1+deb9u1_all.deb
 38d3b4cb30a31df599605d65dfb58f1b 7600 ruby optional 
ruby-json-jwt_1.6.2-1+deb9u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEKnl0ri/BUtd4Z9pKzh+cZ0USwioFAlt4ZvsACgkQzh+cZ0US
wirUzg/8CE6Z/V/WluVi0Yiu46gDELGjlTdS56Y1AMOwgbwG8q0fzGghP2cmHe7/
1xjTAWQ6TK8AhnCuYm3rJQ81x/3vWFHwPioSWhGQXSjbvTBjV3z06gWYQ+ipl0tT
oiffo1NRpbAg57IPAxxDci3P1rwqAKX3O+wzjNIDIySOkj04ICTUM0GplgQlj907
yCEtC0QYsS7x0Bkf47nobq+JdGgnts1XPNgp+oteGN7ITui9dDIf1kAbFyDEMgoO
FAVdUyQwqzVF671qxdegc2zqwcj1ZdmTlRj2pe7ZHtD4ID6Ypw2qiQFmJHKMXLaX
imtLgDvtr+aZrEC75QlYA4LgskKcjtCwpcvTHD+kPMdXfI8fcKfvhbqWRdN3tb6v
3hKQTVOvUFsawnN1lfm4crv+M7VSjmiogo/k0yZiNxbUj9fGqVyE63qWNoqspTHI
k23Vf0P5W14Kn9VpKoI9TFOzcQjKxaKVuhtoj3A61kyurf1D9W9RyDDLl6CSTKbu
M4XbQLo3AUbgN/hjRBNweSqp0rlqtJf1UqEO3vX2Tz0xq6WyZTw3S2GiZwlzEYGN
LBHTiYHBkmHwwhG1QtlivDJ4c5Wb7aE1QKT+ZV75FURwtCDSW22jtVYci3RUCZOO
zbsIzpzjlfYiGL7ucKJAlgMTINENi+eVmYtRFfFxChZrqgS9dc8=
=z3QF
-----END PGP SIGNATURE-----

--- End Message ---