Bug#931932: marked as done (CVE-2019-13574)

[Debian Bug Tracking System]

Your message dated Tue, 16 Jul 2019 21:07:05 +0000
with message-id <e1hnufb-0007ef...@fasolo.debian.org>
and subject line Bug#931932: fixed in ruby-mini-magick 4.9.2-1+deb10u1
has caused the Debian Bug report #931932,
regarding CVE-2019-13574
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
931932: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931932
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: ruby-mini-magick
Severity: grave
Tags: security

Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13574

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: ruby-mini-magick
Source-Version: 4.9.2-1+deb10u1

We believe that the bug you reported is fixed in the latest version of
ruby-mini-magick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 931...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated ruby-mini-magick 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 12 Jul 2019 17:31:30 +0200
Source: ruby-mini-magick
Architecture: source
Version: 4.9.2-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Ruby Extras Maintainers 
<pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 931932
Changes:
 ruby-mini-magick (4.9.2-1+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Don't allow remote shell execution (CVE-2019-13574) (Closes: #931932)
Checksums-Sha1:
 b79cb5e08252075a6a6fc74dc0bfe4e80a839bf7 2419 
ruby-mini-magick_4.9.2-1+deb10u1.dsc
 c53cc8d4e7336bbe1018b20c9df19234e63dac01 1187955 
ruby-mini-magick_4.9.2.orig.tar.gz
 7187a9b57d4d0e40d89599132f203b9e63ce0e4c 5984 
ruby-mini-magick_4.9.2-1+deb10u1.debian.tar.xz
 2ca9ae1809104869d8e313f0b62cc9e92d91f4cb 7294 
ruby-mini-magick_4.9.2-1+deb10u1_source.buildinfo
Checksums-Sha256:
 8f0d952428e5b09fb21c5699124f2ec85b35ce4cbafe644267e47f68c0f95903 2419 
ruby-mini-magick_4.9.2-1+deb10u1.dsc
 b9f9082d1f83305bbbd5279be9a3e601113d2f1e004c450f64f91a5158cd6b04 1187955 
ruby-mini-magick_4.9.2.orig.tar.gz
 87159661801af8d05a39d97721690e82b1ae15935034bfc8cd5ed4b990bdf1ea 5984 
ruby-mini-magick_4.9.2-1+deb10u1.debian.tar.xz
 47fc6c422187c9d5b3309333e2ada1769c3768307509d21cb43fc1a2334f704c 7294 
ruby-mini-magick_4.9.2-1+deb10u1_source.buildinfo
Files:
 20b5f956a280481534676f9d07eb3905 2419 ruby optional 
ruby-mini-magick_4.9.2-1+deb10u1.dsc
 3f9417e59c9e14ac053218fbce266dcf 1187955 ruby optional 
ruby-mini-magick_4.9.2.orig.tar.gz
 3f2fe5cc03187efc603446b63d631d6c 5984 ruby optional 
ruby-mini-magick_4.9.2-1+deb10u1.debian.tar.xz
 89cc0a2dad44599bf2fb705571e59c52 7294 ruby optional 
ruby-mini-magick_4.9.2-1+deb10u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl0oqkdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EcaUQAKCINUssxxgc+lfI1Xu48dTgstZP3Znn
tsbbrMxW8ocet+24DGQkIDkTzLh3ALMJQc+uuEYHtcklaRWjn4vJ7Jqu8N5S7nMd
h+2SNlFJYHgaqjNtC/Xo1xKWdsAu3lC9vVMVqCJ8P2gvWx2Vz5eRW0e/grCD/Skh
Pu7qbq6rajnozYh09teOIXUPBbxpQeQof7KczkUVSNMeUp4cFQmhZtw35YL6nvGT
CPQtVD3fsfCU9bDOn3ZozAXKw9a9kJJAbHS5n/KQy7/qYRHbP5m+oaE9Oi7YGXdR
paYrVlX7wVU8v/25sJXij7pxI9M+jyalr6XTPOaYYSMAmZG5PYpZcz0DkYKpOAvF
aHJuC96OgQ+X5XFDuU2kc8EOGdDEiRgYaq5H9JBSq0qAmeiqq21LfEEPAUzvPIm4
CW+8JMTL1PY5hf4UkNTeSW5yyhJJN4Lg3H/3W7svOvS1C2zUxLnubHHNaSzAIYzH
eYV+ciT4UDMk4+mkKWT1Sz/EidQOd4LRACIYEhO46gEGMFhpfFM3Z5JoUkY2xtwo
/pGhR5/k2NBDAw+1VxYAr6dg9OWiI9jCtqnBhVIrK2a3n+aF43D+QneHYiYHpZB8
DmJlBWq3eZV5z+RvT52FF6qAzFqTK4u/FQEzVNFIxf61jXW2N7Wa4EhCXH01vInk
/g3BJqEmu8h6
=BfEP
-----END PGP SIGNATURE-----

--- End Message ---