Your message dated Tue, 18 Dec 2007 07:52:54 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#444929: fixed in ruby1.8 1.8.5-4etch1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: ruby1.8
Version: 1.8.5-4
Severity: important
Tags: security

Hi,

the following CVE (Common Vulnerabilities & Exposures) id was
published for ruby1.8.

CVE-2007-5162[0]:
| The connect method in lib/net/http.rb in the (1) Net::HTTP and (2)
| Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the
| commonName (CN) field in a server certificate matches the domain name
| in an HTTPS request, which makes it easier for remote attackers to
| intercept SSL transmissions via a man-in-the-middle attack or spoofed
| web site.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

You can find a patch on:
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13504

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5162

Kind regards
Nico
--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
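
Added illustration (not part of the original messages and not the backported patch): the name comparison the CVE text says the connect method skipped, shown with the OpenSSL::SSL.verify_certificate_identity helper from current Ruby's openssl library. The certificates, host names and the sample_cert / names_host? / demo helpers are constructed for this example; the subjectAltName and wildcard cases go beyond the CN-only wording of the CVE.

```ruby
require "openssl"

# One throwaway key shared by all constructed sample certificates.
SAMPLE_KEY = OpenSSL::PKey::RSA.new(2048)

# Build a self-signed sample certificate with the given CN and, optionally,
# subjectAltName DNS entries. Constructed test data, not a real server cert.
def sample_cert(cn, san_dns = [])
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.new([["CN", cn]])
  cert.public_key = SAMPLE_KEY.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  unless san_dns.empty?
    ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
    value = san_dns.map { |d| "DNS:#{d}" }.join(",")
    cert.add_extension(ef.create_extension("subjectAltName", value, false))
  end
  cert.sign(SAMPLE_KEY, OpenSSL::Digest.new("SHA256"))
end

# The check CVE-2007-5162 says was missing: does the certificate the server
# presented actually name the host the client asked for?
def names_host?(cert, requested_host)
  OpenSSL::SSL.verify_certificate_identity(cert, requested_host)
end

# Evaluate a set of (certificate, requested host) pairs.
def demo
  plain    = sample_cert("www.example.org")
  wildcard = sample_cert("*.example.org")
  with_san = sample_cert("www.example.org", ["mail.example.net"])
  {
    exact_match:      names_host?(plain, "www.example.org"),
    other_site:       names_host?(plain, "login.example.com"),
    wildcard_one:     names_host?(wildcard, "www.example.org"),
    wildcard_deep:    names_host?(wildcard, "a.b.example.org"),
    san_overrides_cn: names_host?(with_san, "www.example.org"),
    san_match:        names_host?(with_san, "mail.example.net"),
  }
end

demo.each { |name, ok| puts format("%-18s %s", name, ok) } if __FILE__ == $PROGRAM_NAME
```

A client that validates only the certificate chain would accept any of these certificates for any requested host; the name comparison is what binds the certificate to the request.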
--- Begin Message ---
Source: ruby1.8
Source-Version: 1.8.5-4etch1
We believe that the bug you reported is fixed in the latest version of
ruby1.8, which is due to be installed in the Debian FTP archive:
irb1.8_1.8.5-4etch1_all.deb
to pool/main/r/ruby1.8/irb1.8_1.8.5-4etch1_all.deb
libdbm-ruby1.8_1.8.5-4etch1_i386.deb
to pool/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch1_i386.deb
libgdbm-ruby1.8_1.8.5-4etch1_i386.deb
to pool/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch1_i386.deb
libopenssl-ruby1.8_1.8.5-4etch1_i386.deb
to pool/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch1_i386.deb
libreadline-ruby1.8_1.8.5-4etch1_i386.deb
to pool/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch1_i386.deb
libruby1.8-dbg_1.8.5-4etch1_i386.deb
to pool/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch1_i386.deb
libruby1.8_1.8.5-4etch1_i386.deb
to pool/main/r/ruby1.8/libruby1.8_1.8.5-4etch1_i386.deb
libtcltk-ruby1.8_1.8.5-4etch1_i386.deb
to pool/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch1_i386.deb
rdoc1.8_1.8.5-4etch1_all.deb
to pool/main/r/ruby1.8/rdoc1.8_1.8.5-4etch1_all.deb
ri1.8_1.8.5-4etch1_all.deb
to pool/main/r/ruby1.8/ri1.8_1.8.5-4etch1_all.deb
ruby1.8-dev_1.8.5-4etch1_i386.deb
to pool/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch1_i386.deb
ruby1.8-elisp_1.8.5-4etch1_all.deb
to pool/main/r/ruby1.8/ruby1.8-elisp_1.8.5-4etch1_all.deb
ruby1.8-examples_1.8.5-4etch1_all.deb
to pool/main/r/ruby1.8/ruby1.8-examples_1.8.5-4etch1_all.deb
ruby1.8_1.8.5-4etch1.diff.gz
to pool/main/r/ruby1.8/ruby1.8_1.8.5-4etch1.diff.gz
ruby1.8_1.8.5-4etch1.dsc
to pool/main/r/ruby1.8/ruby1.8_1.8.5-4etch1.dsc
ruby1.8_1.8.5-4etch1_i386.deb
to pool/main/r/ruby1.8/ruby1.8_1.8.5-4etch1_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
akira yamada <[EMAIL PROTECTED]> (supplier of updated ruby1.8 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 16 Oct 2007 13:08:10 +0900
Source: ruby1.8
Binary: libtcltk-ruby1.8 libruby1.8-dbg rdoc1.8 libgdbm-ruby1.8 ruby1.8-dev
ruby1.8-elisp ruby1.8-examples libdbm-ruby1.8 irb1.8 ruby1.8
libreadline-ruby1.8 libopenssl-ruby1.8 libruby1.8 ri1.8
Architecture: source i386 all
Version: 1.8.5-4etch1
Distribution: stable-security
Urgency: high
Maintainer: akira yamada <[EMAIL PROTECTED]>
Changed-By: akira yamada <[EMAIL PROTECTED]>
Description:
irb1.8 - Interactive Ruby (for Ruby 1.8)
libdbm-ruby1.8 - DBM interface for Ruby 1.8
libgdbm-ruby1.8 - GDBM interface for Ruby 1.8
libopenssl-ruby1.8 - OpenSSL interface for Ruby 1.8
libreadline-ruby1.8 - Readline interface for Ruby 1.8
libruby1.8 - Libraries necessary to run Ruby 1.8
libruby1.8-dbg - Debugging symbols for Ruby 1.8
libtcltk-ruby1.8 - Tcl/Tk interface for Ruby 1.8
rdoc1.8 - Generate documentation from Ruby source files (for Ruby 1.8)
ri1.8 - Ruby Interactive reference (for Ruby 1.8)
ruby1.8 - Interpreter of object-oriented scripting language Ruby 1.8
ruby1.8-dev - Header files for compiling extension modules for the Ruby 1.8
ruby1.8-elisp - ruby-mode for Emacsen
ruby1.8-examples - Examples for Ruby 1.8
Closes: 444929
Changes:
 ruby1.8 (1.8.5-4etch1) stable-security; urgency=high
 .
   * applied debian/patches/164_CVE-2007-5162.patch:
     - security fixes for CVE-2007-5162.
     - backported r13500, r13501 and r13657 from ruby_1_8 branch.
       (closes: #444929)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHFsF2XzkxpuIT8aARAnruAJ9QYkgLn31W8WREJWDBrjf17gxphACfcEy4
JS1mMPJ9ga0TaHgnrs3A83Q=
=0VZ7
-----END PGP SIGNATURE-----
--- End Message ---