Your message dated Tue, 07 Jun 2016 22:32:15 +0000
with message-id <[email protected]>
and subject line Bug#796344: fixed in ruby2.1 2.1.5-2+deb8u3
has caused the Debian Bug report #796344,
regarding CVE-2015-7551
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
796344: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ruby2.1
Version: 2.1.5-4
Severity: important
Tags: security
This has been assigned CVE-2009-5147:
http://seclists.org/oss-sec/2015/q3/222
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: ruby2.1
Source-Version: 2.1.5-2+deb8u3
We believe that the bug you reported is fixed in the latest version of
ruby2.1, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Petter Reinholdtsen <[email protected]> (supplier of updated ruby2.1 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 07 Jun 2016 11:00:04 +0200
Source: ruby2.1
Binary: ruby2.1 libruby2.1 ruby2.1-dev ruby2.1-doc ruby2.1-tcltk
Architecture: source amd64 all
Version: 2.1.5-2+deb8u3
Distribution: jessie
Urgency: low
Maintainer: Antonio Terceiro <[email protected]>
Changed-By: Petter Reinholdtsen <[email protected]>
Description:
libruby2.1 - Libraries necessary to run Ruby 2.1
ruby2.1 - Interpreter of object-oriented scripting language Ruby
ruby2.1-dev - Header files for compiling extension modules for the Ruby 2.1
ruby2.1-doc - Documentation for Ruby 2.1
ruby2.1-tcltk - Ruby/Tk for Ruby 2.1
Closes: 796344
Changes:
ruby2.1 (2.1.5-2+deb8u3) jessie; urgency=low
.
* Non-maintainer upload to fix security problem.
* Fix CVE-2009-5147: DL::dlopen should not open a library with
tainted library name in safe mode (Closes: #796344). Based on
patch used in DLA-299-1, which was pulled from upstream.
* Fix CVE-2015-7551: Fiddle handles should not call functions with
tainted function names (Closes: #796344). Patch pulled from
upstream.
Checksums-Sha1:
b5541ca61ca692e63aed98ecc32391eedf91963e 2434 ruby2.1_2.1.5-2+deb8u3.dsc
94d2040790d3c29c0957aee49b02c2ad2f623a03 89948
ruby2.1_2.1.5-2+deb8u3.debian.tar.xz
417ccbb05c31f84502c76b22c14ab9998f3c476b 276318
ruby2.1_2.1.5-2+deb8u3_amd64.deb
02ccf9b5aa70309e4d98f137606fe74b3d2b1d3b 3290296
libruby2.1_2.1.5-2+deb8u3_amd64.deb
c2873c782e8116af50914b99ff3a90e3516c0b15 1100866
ruby2.1-dev_2.1.5-2+deb8u3_amd64.deb
f44f175543e0c1efcaf44cc538bd96bd861ba208 3385822
ruby2.1-doc_2.1.5-2+deb8u3_all.deb
ea100a4ebb7523ae0d78d1855b73a813a34c0844 477932
ruby2.1-tcltk_2.1.5-2+deb8u3_amd64.deb
Checksums-Sha256:
da3d26a08cdf39ffc0fb707a6f7dcd47d754a398ab5c155d04d929d40e259c18 2434
ruby2.1_2.1.5-2+deb8u3.dsc
92e3f5ddc522801d50458bcb6291cd235d27e5c426e3ccc9defe901cb36ef5d0 89948
ruby2.1_2.1.5-2+deb8u3.debian.tar.xz
5d7c90613015fd19fd81912f464ee680b7f549b735757d105e1dac3cc6b03b37 276318
ruby2.1_2.1.5-2+deb8u3_amd64.deb
574bf7c9f4016d3bb4b0b1983991cef187f724dd3b3fa7aa580d1904c320d3d2 3290296
libruby2.1_2.1.5-2+deb8u3_amd64.deb
22e4f86b33ca21bcfd767e884ed04d89c2e50473fb09329857d86528ee3ae79f 1100866
ruby2.1-dev_2.1.5-2+deb8u3_amd64.deb
3112555b44bf3bfebc907b238c5a64b985a62359e7a04aa48450e6ef4a34b006 3385822
ruby2.1-doc_2.1.5-2+deb8u3_all.deb
cc6e711b5423cec72f41a23e5f09cbc25cae9cb6ad9d89fde7d03fdf3d70a3fc 477932
ruby2.1-tcltk_2.1.5-2+deb8u3_amd64.deb
Files:
f4ff81e7436789ed1b2571cf439c21d7 2434 ruby extra ruby2.1_2.1.5-2+deb8u3.dsc
e2898ac980e98b32fbaf59b9c5946eb9 89948 ruby extra
ruby2.1_2.1.5-2+deb8u3.debian.tar.xz
9fc1ce34cbe4384c684aa4f8dc617388 276318 ruby extra
ruby2.1_2.1.5-2+deb8u3_amd64.deb
fb3fa242a1cdaabca8e7c0043ac28b15 3290296 libs extra
libruby2.1_2.1.5-2+deb8u3_amd64.deb
3e7e72ff042925f4c5787466490fd01f 1100866 ruby extra
ruby2.1-dev_2.1.5-2+deb8u3_amd64.deb
37d414ee9be8b7d986e0ad48c917bf19 3385822 doc extra
ruby2.1-doc_2.1.5-2+deb8u3_all.deb
5622395ae268664f3752d436bdb12c11 477932 ruby extra
ruby2.1-tcltk_2.1.5-2+deb8u3_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJXVrP/AAoJEIEoCqCHuvsOndMP/10nV0s73aBVRTobhrRgKC+w
p5x09mRZpemRun3FdxGSV2iha+wmeMZEB9PSmaeS0LbO4whmAS2x1otcBE94boI9
qhZKdHQ+sssksNgaB/HWfosdqZg7XTWeQ9nCiIvSScYTRs2/LSnY1+X7Dt9aQMC8
5aUIyN6KHvj8yT82M/zE159KCjE0pt6fMe8IF5OqiSa2xOPFyPwW8zfXZ1f1Z8Rx
Dg2439weR4zPBO5eRdT074aoSM9KuEnW6CZTciJh8gzazZfFbqx6fYPYFN+BQ4rd
Shjp2IkQS6ci2GG93lu1lc5+MA/US1d0RM1qNKEsNysISSIkYpSATg+LW/m3rLL9
eKCiV6bAI3UK3vITW7PpNMDBV50UB1YzHLWP3wgi1ExAB9MdNYagrWl6Pqvp70vs
w1r4FjI2vGTOsvLLQ9d0MgLK8OFHepyaU1+fhOcSdg1amRDJJytrxjyccG0NsEvi
IV0sgayrZAiWFglO2E9oFHGv8PXeZW2Wp2P8bDhTB6bBVRW71QMtJU7uK8qGG0s0
CMMFRnZ/VGMqQdJn0SwOF0UlsWSy3AG9t0tbIkSWdQyvhik5KWzCtoS3FibbNqGS
m3Tu9QVDsD36PySt6EOgVbCruJ2BrHgpVdtoZO7Ofvc+Ruu1WvMuoOulu8lt8uN+
FNUEi0etS+2FDezM7k5h
=E3pT
-----END PGP SIGNATURE-----
--- End Message ---
