Your message dated Wed, 08 Apr 2009 15:18:33 +0000 with message-id <e1lrzxt-0007s9...@ries.debian.org> and subject line Bug#522939: fixed in ruby1.8 1.8.7.72-3.1 has caused the Debian Bug report #522939, regarding ruby1.8: CVE-2009-0642 not properly checking the return value of OCSP_basic_verify to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
522939: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=522939
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ruby1.8
Version: FILLINAFFECTEDVERSION
Severity: FILLINSEVERITY
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ruby1.8.

CVE-2009-0642[0]:
| ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check
| the return value from the OCSP_basic_verify function, which might
| allow remote attackers to successfully present an invalid X.509
| certificate, possibly involving a revoked certificate.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0642
    http://security-tracker.debian.net/tracker/CVE-2009-0642

--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
--- Begin Message ---
Source: ruby1.8
Source-Version: 1.8.7.72-3.1

We believe that the bug you reported is fixed in the latest version of
ruby1.8, which is due to be installed in the Debian FTP archive:

irb1.8_1.8.7.72-3.1_all.deb
  to pool/main/r/ruby1.8/irb1.8_1.8.7.72-3.1_all.deb
libdbm-ruby1.8_1.8.7.72-3.1_amd64.deb
  to pool/main/r/ruby1.8/libdbm-ruby1.8_1.8.7.72-3.1_amd64.deb
libgdbm-ruby1.8_1.8.7.72-3.1_amd64.deb
  to pool/main/r/ruby1.8/libgdbm-ruby1.8_1.8.7.72-3.1_amd64.deb
libopenssl-ruby1.8_1.8.7.72-3.1_amd64.deb
  to pool/main/r/ruby1.8/libopenssl-ruby1.8_1.8.7.72-3.1_amd64.deb
libreadline-ruby1.8_1.8.7.72-3.1_amd64.deb
  to pool/main/r/ruby1.8/libreadline-ruby1.8_1.8.7.72-3.1_amd64.deb
libruby1.8-dbg_1.8.7.72-3.1_amd64.deb
  to pool/main/r/ruby1.8/libruby1.8-dbg_1.8.7.72-3.1_amd64.deb
libruby1.8_1.8.7.72-3.1_amd64.deb
  to pool/main/r/ruby1.8/libruby1.8_1.8.7.72-3.1_amd64.deb
libtcltk-ruby1.8_1.8.7.72-3.1_amd64.deb
  to pool/main/r/ruby1.8/libtcltk-ruby1.8_1.8.7.72-3.1_amd64.deb
rdoc1.8_1.8.7.72-3.1_all.deb
  to pool/main/r/ruby1.8/rdoc1.8_1.8.7.72-3.1_all.deb
ri1.8_1.8.7.72-3.1_all.deb
  to pool/main/r/ruby1.8/ri1.8_1.8.7.72-3.1_all.deb
ruby1.8-dev_1.8.7.72-3.1_amd64.deb
  to pool/main/r/ruby1.8/ruby1.8-dev_1.8.7.72-3.1_amd64.deb
ruby1.8-elisp_1.8.7.72-3.1_all.deb
  to pool/main/r/ruby1.8/ruby1.8-elisp_1.8.7.72-3.1_all.deb
ruby1.8-examples_1.8.7.72-3.1_all.deb
  to pool/main/r/ruby1.8/ruby1.8-examples_1.8.7.72-3.1_all.deb
ruby1.8_1.8.7.72-3.1.diff.gz
  to pool/main/r/ruby1.8/ruby1.8_1.8.7.72-3.1.diff.gz
ruby1.8_1.8.7.72-3.1.dsc
  to pool/main/r/ruby1.8/ruby1.8_1.8.7.72-3.1.dsc
ruby1.8_1.8.7.72-3.1_amd64.deb
  to pool/main/r/ruby1.8/ruby1.8_1.8.7.72-3.1_amd64.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 522...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <n...@debian.org> (supplier of updated ruby1.8 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)

Format: 1.8
Date: Tue, 07 Apr 2009 15:52:53 +0200
Source: ruby1.8
Binary: ruby1.8 libruby1.8 libruby1.8-dbg ruby1.8-dev libdbm-ruby1.8 libgdbm-ruby1.8 libreadline-ruby1.8 libtcltk-ruby1.8 libopenssl-ruby1.8 ruby1.8-examples ruby1.8-elisp ri1.8 rdoc1.8 irb1.8
Architecture: source all amd64
Version: 1.8.7.72-3.1
Distribution: unstable
Urgency: high
Maintainer: akira yamada <ak...@debian.org>
Changed-By: Nico Golde <n...@debian.org>
Description:
 irb1.8     - Interactive Ruby (for Ruby 1.8)
 libdbm-ruby1.8 - DBM interface for Ruby 1.8
 libgdbm-ruby1.8 - GDBM interface for Ruby 1.8
 libopenssl-ruby1.8 - OpenSSL interface for Ruby 1.8
 libreadline-ruby1.8 - Readline interface for Ruby 1.8
 libruby1.8 - Libraries necessary to run Ruby 1.8
 libruby1.8-dbg - Debugging symbols for Ruby 1.8
 libtcltk-ruby1.8 - Tcl/Tk interface for Ruby 1.8
 rdoc1.8    - Generate documentation from Ruby source files (for Ruby 1.8)
 ri1.8      - Ruby Interactive reference (for Ruby 1.8)
 ruby1.8    - Interpreter of object-oriented scripting language Ruby 1.8
 ruby1.8-dev - Header files for compiling extension modules for the Ruby 1.8
 ruby1.8-elisp - ruby-mode for Emacsen
 ruby1.8-examples - Examples for Ruby 1.8
Closes: 517639 522939
Changes:
 ruby1.8 (1.8.7.72-3.1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add upstream patch to properly check return values of the
     OCSP_basic_verify function (CVE-2009-0642; Closes: #522939,#517639)
--- End Message ---
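
The return-value mistake named in the CVE text above, as an added example (not code from the Ruby patch or the Debian upload): OpenSSL documents OCSP_basic_verify as returning 1 on success, 0 on failure and a negative value on a fatal error, so a caller that only tests the result for non-zero accepts the error case. The function basic_verify_stub and the RESP_* constants are constructed stand-ins so the block runs without OpenSSL.

```c
#include <stdio.h>

/* Constructed stand-in for an OCSP_basic_verify-style call (hypothetical,
 * not OpenSSL code): returns 1 on success, 0 when verification fails,
 * and a negative value on a fatal internal error. */
enum { RESP_GOOD, RESP_BAD_SIGNATURE, RESP_MALFORMED };

static int basic_verify_stub(int response_kind)
{
    switch (response_kind) {
    case RESP_GOOD:          return 1;
    case RESP_BAD_SIGNATURE: return 0;
    default:                 return -1;   /* fatal error while verifying */
    }
}

/* Flawed caller: treats any non-zero result as "verified", so the
 * negative error code is reported as a successful verification. */
int accept_truthy(int response_kind)
{
    int result = basic_verify_stub(response_kind);
    return result ? 1 : 0;
}

/* Corrected caller: only a strictly positive result counts as verified. */
int accept_strict(int response_kind)
{
    int result = basic_verify_stub(response_kind);
    return result > 0 ? 1 : 0;
}

int main(void)
{
    static const char *names[] = { "good", "bad signature", "malformed" };
    for (int k = RESP_GOOD; k <= RESP_MALFORMED; k++)
        printf("%-14s truthy=%d strict=%d\n",
               names[k], accept_truthy(k), accept_strict(k));
    return 0;
}
```

When auditing other callers of tri-state OpenSSL functions, look for results used directly in a boolean context (`if (ret)`, `!ret`, `ret ? a : b`) rather than compared with `> 0` or `== 1`.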