Your message dated Wed, 08 Apr 2009 15:18:33 +0000
with message-id <e1lrzxt-0007s9...@ries.debian.org>
and subject line Bug#522939: fixed in ruby1.8 1.8.7.72-3.1
has caused the Debian Bug report #522939,
regarding ruby1.8: CVE-2009-0642 not properly checking the return value of OCSP_basic_verify
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
522939: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=522939
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ruby1.8
Version: FILLINAFFECTEDVERSION
Severity: FILLINSEVERITY
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ruby1.8.

CVE-2009-0642[0]:
| ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check
| the return value from the OCSP_basic_verify function, which might
| allow remote attackers to successfully present an invalid X.509
| certificate, possibly involving a revoked certificate.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0642
    http://security-tracker.debian.net/tracker/CVE-2009-0642

-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.



--- End Message ---
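The return-value pitfall named in the CVE description above, as an added example that is not part of the original mails and is not Ruby's source code. It assumes OpenSSL's documented convention that OCSP_basic_verify returns 1 on success, 0 on verification failure and a negative value on a fatal error; `stub_basic_verify` and both checker functions are hypothetical stand-ins, so no OpenSSL is needed to run it.

```c
#include <stdio.h>

/* Constructed outcomes for a stand-in verifier (not real OCSP data). */
enum outcome { RESP_VALID, RESP_BAD_SIGNATURE, RESP_FATAL_ERROR };

/* Hypothetical stub with the same return convention as
 * OCSP_basic_verify(): 1 = verified, 0 = failed, negative = fatal error. */
static int stub_basic_verify(enum outcome o)
{
    switch (o) {
    case RESP_VALID:         return 1;
    case RESP_BAD_SIGNATURE: return 0;
    default:                 return -1;
    }
}

/* Flawed pattern: any non-zero result is treated as "verified",
 * so a negative error code passes as success. */
int accept_if_nonzero(enum outcome o)
{
    return stub_basic_verify(o) ? 1 : 0;
}

/* Corrected pattern: only a strictly positive result is accepted. */
int accept_if_positive(enum outcome o)
{
    return stub_basic_verify(o) > 0 ? 1 : 0;
}

/* Count how many non-valid outcomes a checker wrongly accepts. */
int wrongly_accepted(int (*check)(enum outcome))
{
    int n = 0;
    if (check(RESP_BAD_SIGNATURE)) n++;
    if (check(RESP_FATAL_ERROR))   n++;
    return n;
}

int main(void)
{
    printf("non-zero check wrongly accepts: %d\n",
           wrongly_accepted(accept_if_nonzero));
    printf("positive check wrongly accepts: %d\n",
           wrongly_accepted(accept_if_positive));
    return 0;
}
```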
--- Begin Message ---
Source: ruby1.8
Source-Version: 1.8.7.72-3.1

We believe that the bug you reported is fixed in the latest version of
ruby1.8, which is due to be installed in the Debian FTP archive:

irb1.8_1.8.7.72-3.1_all.deb
  to pool/main/r/ruby1.8/irb1.8_1.8.7.72-3.1_all.deb
libdbm-ruby1.8_1.8.7.72-3.1_amd64.deb
  to pool/main/r/ruby1.8/libdbm-ruby1.8_1.8.7.72-3.1_amd64.deb
libgdbm-ruby1.8_1.8.7.72-3.1_amd64.deb
  to pool/main/r/ruby1.8/libgdbm-ruby1.8_1.8.7.72-3.1_amd64.deb
libopenssl-ruby1.8_1.8.7.72-3.1_amd64.deb
  to pool/main/r/ruby1.8/libopenssl-ruby1.8_1.8.7.72-3.1_amd64.deb
libreadline-ruby1.8_1.8.7.72-3.1_amd64.deb
  to pool/main/r/ruby1.8/libreadline-ruby1.8_1.8.7.72-3.1_amd64.deb
libruby1.8-dbg_1.8.7.72-3.1_amd64.deb
  to pool/main/r/ruby1.8/libruby1.8-dbg_1.8.7.72-3.1_amd64.deb
libruby1.8_1.8.7.72-3.1_amd64.deb
  to pool/main/r/ruby1.8/libruby1.8_1.8.7.72-3.1_amd64.deb
libtcltk-ruby1.8_1.8.7.72-3.1_amd64.deb
  to pool/main/r/ruby1.8/libtcltk-ruby1.8_1.8.7.72-3.1_amd64.deb
rdoc1.8_1.8.7.72-3.1_all.deb
  to pool/main/r/ruby1.8/rdoc1.8_1.8.7.72-3.1_all.deb
ri1.8_1.8.7.72-3.1_all.deb
  to pool/main/r/ruby1.8/ri1.8_1.8.7.72-3.1_all.deb
ruby1.8-dev_1.8.7.72-3.1_amd64.deb
  to pool/main/r/ruby1.8/ruby1.8-dev_1.8.7.72-3.1_amd64.deb
ruby1.8-elisp_1.8.7.72-3.1_all.deb
  to pool/main/r/ruby1.8/ruby1.8-elisp_1.8.7.72-3.1_all.deb
ruby1.8-examples_1.8.7.72-3.1_all.deb
  to pool/main/r/ruby1.8/ruby1.8-examples_1.8.7.72-3.1_all.deb
ruby1.8_1.8.7.72-3.1.diff.gz
  to pool/main/r/ruby1.8/ruby1.8_1.8.7.72-3.1.diff.gz
ruby1.8_1.8.7.72-3.1.dsc
  to pool/main/r/ruby1.8/ruby1.8_1.8.7.72-3.1.dsc
ruby1.8_1.8.7.72-3.1_amd64.deb
  to pool/main/r/ruby1.8/ruby1.8_1.8.7.72-3.1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 522...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <n...@debian.org> (supplier of updated ruby1.8 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 07 Apr 2009 15:52:53 +0200
Source: ruby1.8
Binary: ruby1.8 libruby1.8 libruby1.8-dbg ruby1.8-dev libdbm-ruby1.8 libgdbm-ruby1.8 libreadline-ruby1.8 libtcltk-ruby1.8 libopenssl-ruby1.8 ruby1.8-examples ruby1.8-elisp ri1.8 rdoc1.8 irb1.8
Architecture: source all amd64
Version: 1.8.7.72-3.1
Distribution: unstable
Urgency: high
Maintainer: akira yamada <ak...@debian.org>
Changed-By: Nico Golde <n...@debian.org>
Description: 
 irb1.8     - Interactive Ruby (for Ruby 1.8)
 libdbm-ruby1.8 - DBM interface for Ruby 1.8
 libgdbm-ruby1.8 - GDBM interface for Ruby 1.8
 libopenssl-ruby1.8 - OpenSSL interface for Ruby 1.8
 libreadline-ruby1.8 - Readline interface for Ruby 1.8
 libruby1.8 - Libraries necessary to run Ruby 1.8
 libruby1.8-dbg - Debugging symbols for Ruby 1.8
 libtcltk-ruby1.8 - Tcl/Tk interface for Ruby 1.8
 rdoc1.8    - Generate documentation from Ruby source files (for Ruby 1.8)
 ri1.8      - Ruby Interactive reference (for Ruby 1.8)
 ruby1.8    - Interpreter of object-oriented scripting language Ruby 1.8
 ruby1.8-dev - Header files for compiling extension modules for the Ruby 1.8
 ruby1.8-elisp - ruby-mode for Emacsen
 ruby1.8-examples - Examples for Ruby 1.8
Closes: 517639 522939
Changes: 
 ruby1.8 (1.8.7.72-3.1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add upstream patch to properly check return values of the
     OCSP_basic_verify function (CVE-2009-0642; Closes: #522939,#517639)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkncsM0ACgkQHYflSXNkfP8nUwCeMpAuyVW3NoDOWG8SaOCxybAb
MdMAn3m6Q2Ypo+EpRHxcksmT/0Jh5WWy
=/6ir
-----END PGP SIGNATURE-----



--- End Message ---
