Your message dated Tue, 26 Jul 2011 06:17:39 +0000
with message-id <[email protected]>
and subject line Bug#628450: fixed in ruby1.9.1 1.9.2.290-1
has caused the Debian Bug report #628450,
regarding CVE-2011-0188: arbitrary code execution
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
628450: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628450
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libruby1.9.1
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for openswan.
CVE-2011-0188[0]:
| The VpMemAlloc function in bigdecimal.c in the BigDecimal class in
| Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7
| and other platforms, does not properly allocate memory, which allows
| context-dependent attackers to execute arbitrary code or cause a
| denial of service (application crash) via vectors involving creation
| of a large BigDecimal value within a 64-bit process, related to an
| "integer truncation issue."
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
Cheers,
Steffen
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0188
http://security-tracker.debian.org/tracker/CVE-2011-0188
--- End Message ---
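An added illustration of the integer-truncation class named in the CVE description above; it is not code from Ruby's bigdecimal.c or from this bug report. The 32-bit size parameter, `digit_t`, the function names and the byte cap are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical digit word; not Ruby's actual BigDecimal layout. */
typedef uint32_t digit_t;

/* "Before": the allocator's size parameter is only 32 bits wide. */
static void *alloc_narrow(uint32_t bytes, size_t *got)
{
    *got = bytes;                        /* size really allocated */
    return calloc(1, bytes ? bytes : 1);
}

/* The caller computes the byte count in 64 bits, then loses the high
 * bits at the call. The cast is written out here; in real code the
 * conversion is usually implicit and silent. */
static void *make_digits_truncating(uint64_t n_words, size_t *got)
{
    uint64_t bytes = n_words * sizeof(digit_t);
    return alloc_narrow((uint32_t)bytes, got);
}

/* "After": size_t end to end, an overflow check before multiplying,
 * and a caller-chosen cap (hypothetical policy knob). */
static void *make_digits_checked(uint64_t n_words, size_t cap_bytes, size_t *got)
{
    *got = 0;
    if (n_words > SIZE_MAX / sizeof(digit_t))
        return NULL;                     /* product would wrap */
    size_t bytes = (size_t)n_words * sizeof(digit_t);
    if (bytes == 0 || bytes > cap_bytes)
        return NULL;                     /* refuse, never under-allocate */
    *got = bytes;
    return calloc(1, bytes);
}

/* Constructed input: 2^30 + 4 words, i.e. 4 GiB + 16 bytes requested. */
static const uint64_t SAMPLE_WORDS = (1ULL << 30) + 4;

int main(void)
{
    size_t got;
    void *p = make_digits_truncating(SAMPLE_WORDS, &got);
    printf("truncating path allocated %zu bytes\n", got);
    free(p);
    p = make_digits_checked(SAMPLE_WORDS, (size_t)1 << 20, &got);
    printf("checked path: %s\n", p ? "allocated" : "refused");
    free(p);
    return 0;
}
```
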
--- Begin Message ---
Source: ruby1.9.1
Source-Version: 1.9.2.290-1
We believe that the bug you reported is fixed in the latest version of
ruby1.9.1, which is due to be installed in the Debian FTP archive:
ri1.9.1_1.9.2.290-1_all.deb
to main/r/ruby1.9.1/ri1.9.1_1.9.2.290-1_all.deb
ruby1.9.1-examples_1.9.2.290-1_all.deb
to main/r/ruby1.9.1/ruby1.9.1-examples_1.9.2.290-1_all.deb
ruby1.9.1-full_1.9.2.290-1_all.deb
to main/r/ruby1.9.1/ruby1.9.1-full_1.9.2.290-1_all.deb
ruby1.9.1_1.9.2.290-1.debian.tar.gz
to main/r/ruby1.9.1/ruby1.9.1_1.9.2.290-1.debian.tar.gz
ruby1.9.1_1.9.2.290-1.dsc
to main/r/ruby1.9.1/ruby1.9.1_1.9.2.290-1.dsc
ruby1.9.1_1.9.2.290.orig.tar.gz
to main/r/ruby1.9.1/ruby1.9.1_1.9.2.290.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Lucas Nussbaum <[email protected]> (supplier of updated ruby1.9.1 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
Format: 1.8
Date: Mon, 25 Jul 2011 20:27:20 +0200
Source: ruby1.9.1
Binary: ruby1.9.1 libruby1.9.1 libruby1.9.1-dbg ruby1.9.1-dev
libtcltk-ruby1.9.1 ruby1.9.1-examples ri1.9.1 ruby1.9.1-full
Architecture: source all
Version: 1.9.2.290-1
Distribution: unstable
Urgency: low
Maintainer: akira yamada <[email protected]>
Changed-By: Lucas Nussbaum <[email protected]>
Description:
libruby1.9.1 - Libraries necessary to run Ruby 1.9.1
libruby1.9.1-dbg - Debugging symbols for Ruby 1.9.1
libtcltk-ruby1.9.1 - Tcl/Tk interface for Ruby 1.9.1
ri1.9.1 - Ruby Interactive reference (for Ruby 1.9.1)
ruby1.9.1 - Interpreter of object-oriented scripting language Ruby 1.9.2
ruby1.9.1-dev - Header files for compiling extension modules for the Ruby 1.9.1
ruby1.9.1-examples - Examples for Ruby 1.9
ruby1.9.1-full - Ruby 1.9.1 full installation
Closes: 628450
Changes:
ruby1.9.1 (1.9.2.290-1) unstable; urgency=low
.
[ Daigo Moriwaki ]
* New upstream release.
* Removed debian/patches/110411_disable_osslv2.patch, which has been applied
by the upstream.
* Added a patch: debian/patches/debian/patches/110716-bigdecimal,
which was backported from the upstream (r30993)
(CVE-2011-0188; Closes: 628450)
.
[ Lucas Nussbaum ]
* Build-depend on tcl-dev and tk-dev instead of {tcl,tk}8.4-dev.
* Update Lucas' email address.
* Add 110825-ossl-config.diff: backport changes to the OpenSSL
extension to fix test failure.
* Add patch 110720_tcltk_disable_rpath.diff: disable rpath in tcltk.
--- End Message ---