Your message dated Thu, 03 Jan 2019 21:47:19 +0000
with message-id <e1gfapj-000cm6...@fasolo.debian.org>
and subject line Bug#913005: fixed in ruby-rack 1.6.4-4+deb9u1
has caused the Debian Bug report #913005,
regarding ruby-rack: CVE-2018-16471: Possible XSS vulnerability in Rack
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
913005: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913005
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ruby-rack
Version: 1.6.4-4
Severity: grave
Tags: patch security upstream

Hi,

The following vulnerability was published for ruby-rack.

CVE-2018-16471[0]:
Possible XSS vulnerability in Rack

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-16471
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16471
[1] https://www.openwall.com/lists/oss-security/2018/11/05/2

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: ruby-rack
Source-Version: 1.6.4-4+deb9u1

We believe that the bug you reported is fixed in the latest version of
ruby-rack, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 913...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Lamb <la...@debian.org> (supplier of updated ruby-rack package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 20 Nov 2018 10:10:14 +0100
Source: ruby-rack
Binary: ruby-rack
Built-For-Profiles: nocheck
Architecture: source all
Version: 1.6.4-4+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Chris Lamb <la...@debian.org>
Description:
 ruby-rack  - modular Ruby webserver interface
Closes: 913005
Changes:
 ruby-rack (1.6.4-4+deb9u1) stretch; urgency=medium
 .
   * CVE-2018-16471: Prevent a possible XSS vulnerability where a malicious
     request could impact the HTTP/HTTPS scheme returned to the underlying
     application. (Closes: #913005)

--- End Message ---
