Your message dated Mon, 07 Jan 2019 06:35:07 +0000
with message-id <e1ggov9-0000ac...@fasolo.debian.org>
and subject line Bug#914848: fixed in rails 2:5.2.2+dfsg-1
has caused the Debian Bug report #914848,
regarding rails: CVE-2018-16477: Bypass vulnerability in Active Storage
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
914848: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914848
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: rails
Version: 2:5.2.0+dfsg-1
Severity: grave
Tags: security upstream
Hi,
The following vulnerability was published for rails, affecting only
the 5.2.0 version.
CVE-2018-16477[0]:
Bypass vulnerability in Active Storage
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-16477
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16477
[1] https://www.openwall.com/lists/oss-security/2018/11/27/5
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: rails
Source-Version: 2:5.2.2+dfsg-1
We believe that the bug you reported is fixed in the latest version of
rails, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 914...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sruthi Chandran <s...@disroot.org> (supplier of updated rails package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 07 Jan 2019 00:23:02 +0530
Source: rails
Binary: ruby-activesupport ruby-activerecord ruby-activemodel ruby-activejob
ruby-actionview ruby-actionpack ruby-actionmailer ruby-actioncable
ruby-activestorage ruby-railties ruby-rails rails
Architecture: source
Version: 2:5.2.2+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Sruthi Chandran <s...@disroot.org>
Description:
rails - MVC ruby based framework geared for web application development (
ruby-actioncable - WebSocket framework for Rails (part of Rails)
ruby-actionmailer - email composition, delivery, and receiving framework (part of Rai
ruby-actionpack - web-flow and rendering framework putting the VC in MVC (part of R
ruby-actionview - framework for handling view template lookup and rendering (part o
ruby-activejob - job framework with pluggable queues
ruby-activemodel - toolkit for building modeling frameworks (part of Rails)
ruby-activerecord - object-relational mapper framework (part of Rails)
ruby-activestorage - Local and cloud file storage framework (part of Rails)
ruby-activesupport - Support and utility classes used by the Rails 4.1 framework
ruby-rails - MVC ruby based framework geared for web application development
ruby-railties - tools for creating, working with, and running Rails applications
Closes: 914847 914848
Changes:
rails (2:5.2.2+dfsg-1) unstable; urgency=medium
.
* New upstream version 5.2.2 (Closes: #914847, #914848)
(Fixes: CVE-2018-16476, CVE-2018-16477)
* Delete 0002-edit-activestorage-webpack-config-js.patch
* Add 0002-disable-uglify-in-activestorage-rollup-config-js.patch
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---