Your message dated Wed, 21 Nov 2018 09:53:04 +0000
with message-id <e1gppbw-0004zy...@fasolo.debian.org>
and subject line Bug#913005: fixed in ruby-rack 1.6.4-6
has caused the Debian Bug report #913005,
regarding ruby-rack: CVE-2018-16471: Possible XSS vulnerability in Rack
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
913005: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913005
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ruby-rack
Version: 1.6.4-4
Severity: grave
Tags: patch security upstream

Hi,

The following vulnerability was published for ruby-rack.

CVE-2018-16471[0]:
Possible XSS vulnerability in Rack

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-16471
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16471
[1] https://www.openwall.com/lists/oss-security/2018/11/05/2

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ruby-rack
Source-Version: 1.6.4-6

We believe that the bug you reported is fixed in the latest version of
ruby-rack, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 913...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Lamb <la...@debian.org> (supplier of updated ruby-rack package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 21 Nov 2018 10:44:19 +0100
Source: ruby-rack
Binary: ruby-rack
Built-For-Profiles: nocheck
Architecture: source all
Version: 1.6.4-6
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Chris Lamb <la...@debian.org>
Description:
 ruby-rack - modular Ruby webserver interface
Closes: 913005
Changes:
 ruby-rack (1.6.4-6) unstable; urgency=medium
 .
   * CVE-2018-16471: Prevent a possible XSS vulnerability where a malicious
     request could impact the HTTP/HTTPS scheme returned to the underlying
     application. (Closes: #913005)
   * Drop trailing whitespace in debian/changelog.
   * debian/control:
     - Add myself to Uploaders.
     - wrap-and-sort -sa.
   * Use HTTPS URI in debian/copyright.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---