Your message dated Thu, 08 Jul 2021 20:17:56 +0000
with message-id <e1m1at6-000hhw...@fasolo.debian.org>
and subject line Bug#990815: fixed in ruby2.7 2.7.4-1
has caused the Debian Bug report #990815,
regarding ruby2.7: CVE-2021-31799 CVE-2021-31810 CVE-2021-32066
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
990815: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990815
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ruby2.7
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for ruby2.7.
CVE-2021-31799[0]:
A command injection vulnerability in RDoc
https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/
https://github.com/ruby/ruby/commit/483f303d02e768b69e476e0b9be4ab2f26389522
(2.7)
CVE-2021-31810[1]:
Trusting FTP PASV responses vulnerability in Net::FTP
https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/
https://github.com/ruby/ruby/commit/3ca1399150ed4eacfd2fe1ee251b966f8d1ee469
(2.7)
CVE-2021-32066[2]:
A StartTLS stripping vulnerability in Net::IMAP
https://www.ruby-lang.org/en/news/2021/07/07/starttls-stripping-in-net-imap/
https://github.com/ruby/ruby/commit/a21a3b7d23704a01d34bd79d09dc37897e00922a
(2.7)
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-31799
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31799
[1] https://security-tracker.debian.org/tracker/CVE-2021-31810
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31810
[2] https://security-tracker.debian.org/tracker/CVE-2021-32066
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32066
Please adjust the affected versions in the BTS as needed.
--- End Message ---
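Two of the three issues above are the same class of client bug: the client acts on an untrusted server reply (the host in a PASV response, the status of a STARTTLS command) without checking it. As an added illustration, not code from Ruby's net/ftp or net/imap nor from the Debian package, the snippet below shows the checks a defensive client makes. The parser, the `trust_pasv_ip` keyword and the `starttls_permitted?` helper are constructed for this example and do not mirror any specific upstream API.

```ruby
require 'ipaddr'

# Matches the (h1,h2,h3,h4,p1,p2) tuple of an RFC 959 "227" reply.
PASV_RE = /\(\s*(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*\)/

# Parse a PASV reply into [host, port]; raise on anything malformed instead
# of silently connecting to whatever the server sent.
def parse_pasv(reply)
  raise ArgumentError, "not a 227 reply: #{reply.inspect}" unless reply.start_with?('227')
  m = PASV_RE.match(reply) or raise ArgumentError, "no host/port tuple in #{reply.inspect}"
  octets = m.captures.map(&:to_i)
  raise ArgumentError, 'octet out of range' if octets.any? { |o| o > 255 }
  host = octets[0, 4].join('.')
  port = (octets[4] << 8) | octets[5]
  raise ArgumentError, 'invalid port' unless (1..65535).cover?(port)
  [host, port]
end

# True when the server advertises a data host other than the one the control
# connection is actually talking to. Worth logging on the client side: a
# benign server behind NAT can do this, but so can a server steering the
# client to an address of its choosing (the CVE-2021-31810 class of problem).
def pasv_redirect?(reply, control_peer)
  host, _port = parse_pasv(reply)
  IPAddr.new(host) != IPAddr.new(control_peer)
end

# Decide where to open the data connection. The safe default takes only the
# port from the reply and reuses the control connection's peer address;
# honouring the advertised host is an explicit, hypothetical opt-in.
def data_endpoint(reply, control_peer, trust_pasv_ip: false)
  host, port = parse_pasv(reply)
  trust_pasv_ip ? [host, port] : [control_peer, port]
end

# IMAP side (the CVE-2021-32066 class): after sending "<tag> STARTTLS" the
# client must continue only on a tagged OK. Treating NO, BAD, an untagged
# line or a reply for a different tag as success leaves the session in
# plaintext, which is exactly what StartTLS stripping needs.
def starttls_permitted?(tag, tagged_reply)
  m = /\A(\S+) (OK|NO|BAD)\b/i.match(tagged_reply)
  return false unless m && m[1] == tag
  m[2].casecmp?('OK')
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample replies; 192.0.2.0/24 and 198.51.100.0/24 are
  # documentation ranges, not real hosts.
  control_peer = '192.0.2.10'
  reply = '227 Entering Passive Mode (198,51,100,7,4,1)'
  warn "PASV host differs from control peer #{control_peer}" if pasv_redirect?(reply, control_peer)
  puts "data connection -> #{data_endpoint(reply, control_peer).join(':')}"
  puts "upgrade to TLS? #{starttls_permitted?('A001', 'A001 NO STARTTLS not allowed')}"
end
```

The FTP default deliberately discards the advertised host rather than validating it, because a client rarely has a reason to open a data connection anywhere other than the server it authenticated to; the mismatch check is kept separately so that a deployment can alert on it without changing behaviour.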
--- Begin Message ---
Source: ruby2.7
Source-Version: 2.7.4-1
Done: Utkarsh Gupta <utka...@debian.org>
We believe that the bug you reported is fixed in the latest version of
ruby2.7, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 990...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Utkarsh Gupta <utka...@debian.org> (supplier of updated ruby2.7 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 09 Jul 2021 00:40:58 +0530
Source: ruby2.7
Architecture: source
Version: 2.7.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Team <pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Utkarsh Gupta <utka...@debian.org>
Closes: 990815
Changes:
ruby2.7 (2.7.4-1) unstable; urgency=medium
.
* New upstream version 2.7.4.
(Fixes: CVE-2021-31799 CVE-2021-31810 CVE-2021-32066)
(Closes: #990815)
Checksums-Sha1:
ac3b6497daf5d4d1f4469ad4c94c35db4424f334 2506 ruby2.7_2.7.4-1.dsc
c3af416830ab3a87ca8b3fdc2b8fc99522baee39 10810480 ruby2.7_2.7.4.orig.tar.xz
b2faab7f1ab72aafcc3e6699ffa4e8937fdb98eb 112716 ruby2.7_2.7.4-1.debian.tar.xz
d40fecbad9672c08dcb9ea276e3d9e3d3247273a 6590 ruby2.7_2.7.4-1_source.buildinfo
Checksums-Sha256:
2d47976072b2d8c7d6ea9c44cc56501ab83681d17c9944b8195edc28ebbe3a31 2506 ruby2.7_2.7.4-1.dsc
a42c6089f82d9ab8dad2e72ba5b318f4177ff7bb17a584ae3834521e4f43c9b5 10810480 ruby2.7_2.7.4.orig.tar.xz
4c1b9c7dc0463d1d50eaf6a83cd6abce57fe01d591a4561a75611e274f178b93 112716 ruby2.7_2.7.4-1.debian.tar.xz
b39623df8ce0f03cbd995e5c0a69af79394dddd412bc30839af1216eaa064b7a 6590 ruby2.7_2.7.4-1_source.buildinfo
Files:
1af7ef4ef43ff7c6a6d5d36bc8a6890c 2506 ruby optional ruby2.7_2.7.4-1.dsc
a66187d2e06edf92b45b03a840ba6570 10810480 ruby optional ruby2.7_2.7.4.orig.tar.xz
3a184df93a6f8cc1bb19d5f7c9c288bb 112716 ruby optional ruby2.7_2.7.4-1.debian.tar.xz
7a1f50414d590d0242c9c2640c2e34c8 6590 ruby optional ruby2.7_2.7.4-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
[signature body not preserved in this copy]
-----END PGP SIGNATURE-----
--- End Message ---