Your message dated Fri, 02 Mar 2018 22:47:17 +0000
with message-id <e1ertsp-000hik...@fasolo.debian.org>
and subject line Bug#882034: fixed in ruby-redis-store 1.1.6-1+deb9u1
has caused the Debian Bug report #882034,
regarding ruby-redis-store: CVE-2017-1000248
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
882034: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882034
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ruby-redis-store
Version: 1.1.6-1
Severity: grave
Tags: patch security upstream
Forwarded: https://github.com/redis-store/redis-store/issues/289
Control: found -1 1.3.0-1

Hi,

the following vulnerability was published for ruby-redis-store.

CVE-2017-1000248[0]:
| Redis-store &lt;=v1.3.0 allows unsafe objects to be loaded from redis

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-1000248
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000248
[1] https://github.com/redis-store/redis-store/issues/289

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: ruby-redis-store
Source-Version: 1.1.6-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
ruby-redis-store, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 882...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Cédric Boutillier <bou...@debian.org> (supplier of updated ruby-redis-store 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 01 Dec 2017 17:22:29 +0100
Source: ruby-redis-store
Binary: ruby-redis-store
Architecture: source
Version: 1.1.6-1+deb9u1
Distribution: stretch
Urgency: high
Maintainer: Debian Ruby Extras Maintainers 
<pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Cédric Boutillier <bou...@debian.org>
Description:
 ruby-redis-store - redis stores for Ruby frameworks
Closes: 882034
Changes:
 ruby-redis-store (1.1.6-1+deb9u1) stretch; urgency=high
 .
   * Team upload
   * Add upstream patch to fix CVE-2017-1000248, allowing unsafe objects to be
     loaded from redis (Closes: #882034)
Checksums-Sha1:
 4567080e54a3504025b13560045f78d66da62734 1863 
ruby-redis-store_1.1.6-1+deb9u1.dsc
 a52462c2cbce69022fe4a5724059431a0fa89c47 6436 
ruby-redis-store_1.1.6-1+deb9u1.debian.tar.xz
 b8a6b0e807a023650f88ef5feb93577f6b65bbe6 6719 
ruby-redis-store_1.1.6-1+deb9u1_amd64.buildinfo
Checksums-Sha256:
 3c56ca31d0c105953252c63a3caac2bfd0479fb109677a3c0f19a8a80b28af28 1863 
ruby-redis-store_1.1.6-1+deb9u1.dsc
 ac0a0941fd8f9b661dca1f4bf223f2a927e43b658a4a83751afab532136b4070 6436 
ruby-redis-store_1.1.6-1+deb9u1.debian.tar.xz
 27539d4a8efba972097e5b4ea13f84a58b8121b35a040928bcb05420094c934f 6719 
ruby-redis-store_1.1.6-1+deb9u1_amd64.buildinfo
Files:
 c09005074842c9c3632a577a4ccf738c 1863 ruby optional 
ruby-redis-store_1.1.6-1+deb9u1.dsc
 4ae707e48b4e95f08297192ed0c0a027 6436 ruby optional 
ruby-redis-store_1.1.6-1+deb9u1.debian.tar.xz
 0423f7da800cfb6684632216663e74ef 6719 ruby optional 
ruby-redis-store_1.1.6-1+deb9u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEnM1rMZ2/jkCrGr0aia+CtznNIXoFAlqY94cACgkQia+CtznN
IXqZTQf+PY5q2f6HO40oQt0WTFJvuT9F+eF1X4OFu6MjwKniP9xiuhUmE+qu/W58
nV8yssYetGW2WDZ4t+FSLOD8EqPDrJGOsc9v+8dOIxVzimQz4Q6f2BF/S74owZVM
bJKXSwiGJw4lukCsyjhV4ILx3E31byPxVD3GDXzMczo4BlnV2/JsaEvXjyc2Y80c
7MvClbMU20HZliyxVtV5mUn+1lljFugzW+hqtQgOugdHSsgS/motDceH/HM6NAJV
W8/CdOK5YNdEWAotLkvyrK6bJnJd+KC7OpyD3eSU//snMRLUTGxI6UJWv1OwUWYB
LaejPB+PgrFoSqhXaAcji2BN4U4vYw==
=tjtj
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to