Your message dated Fri, 05 Jun 2020 04:34:31 +0000
with message-id <e1jh43r-000gff...@fasolo.debian.org>
and subject line Bug#961847: fixed in ruby-kaminari 1.0.1-6
has caused the Debian Bug report #961847,
regarding ruby-kaminari: CVE-2020-11082
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
961847: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961847
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ruby-kaminari
Version: 1.0.1-5
Severity: important
Tags: security upstream
Control: found -1 1.0.1-4

Hi,

The following vulnerability was published for ruby-kaminari.

CVE-2020-11082[0]:
| In Kaminari before 1.2.1, there is a vulnerability that would allow an
| attacker to inject arbitrary code into pages with pagination links.
| This has been fixed in 1.2.1.

Note that PARAM_KEY_BLACKLIST was renamed to PARAM_KEY_EXCEPT_LIST in
v1.2.0 upstream to improve the wording (cf. upstream commit
1783c9cf13b24b580497896caa95c6faac10ac50).

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-11082
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11082
[1] https://github.com/kaminari/kaminari/commit/8dd52a1aed3d2fa2835d836de23fc0d8c4ff5db8
[2] https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
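The defensive pattern behind the fix the report describes, modelled as an added Ruby example (this is illustrative code written for this page, not Kaminari's or Debian's): pagination helpers rebuild the current request's query parameters into every page link, so any parameter that influences how the link's path is generated, such as `original_script_name`, has to be dropped before the link is built, which is what the constant the report names (`PARAM_KEY_BLACKLIST`, renamed `PARAM_KEY_EXCEPT_LIST` in v1.2.0) is for. The `SafePagination` module, its method names and the exact membership of the except list are assumptions made for this example.

```ruby
# Added example: a minimal model of rebuilding pagination links from request
# parameters while excluding keys that must never be copied into a link.
# Not Kaminari's code; module, method names and list contents are assumptions.
require 'erb' # ERB::Util.url_encode / html_escape from the standard library

module SafePagination
  # Parameters that are never carried over from the request into generated
  # links. The name mirrors the constant the bug report mentions; the
  # membership below is an assumption for this example, chosen to cover the
  # key the Debian patch blocks ("original_script_name") plus its sibling
  # "script_name" and common form-only parameters.
  PARAM_KEY_EXCEPT_LIST = %w[
    script_name original_script_name
    utf8 _method authenticity_token commit
  ].freeze

  # Return a copy of params with every except-listed key removed.
  # Keys may be strings or symbols; comparison is done on the string form.
  def self.filtered_params(params)
    params.reject { |key, _| PARAM_KEY_EXCEPT_LIST.include?(key.to_s) }
  end

  # Build the URL for `page` from the filtered request parameters. Keys are
  # sorted so the output is deterministic and every key/value is URL-encoded.
  def self.page_url(path, params, page)
    query = filtered_params(params).merge('page' => page)
    pairs = query.sort.map do |k, v|
      "#{ERB::Util.url_encode(k.to_s)}=#{ERB::Util.url_encode(v.to_s)}"
    end
    "#{path}?#{pairs.join('&')}"
  end

  # Render the link as an HTML anchor; the href is HTML-escaped as a second
  # layer of defence so the generated URL can never break out of the attribute.
  def self.page_link(path, params, page)
    href = ERB::Util.html_escape(page_url(path, params, page))
    %(<a href="#{href}" rel="next">#{page}</a>)
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample request parameters: one legitimate query key and one
  # except-listed key carrying a value that must not reach the link.
  sample = { 'q' => 'ruby', 'original_script_name' => 'injected-value', 'page' => '1' }
  puts SafePagination.page_link('/posts', sample, 2)
end
```

Usage: `SafePagination.page_url('/posts', params, 2)` yields `/posts?page=2&q=ruby` for the constructed sample above; the `original_script_name` entry is dropped and the requested page number replaces the incoming one. The check a practitioner wants after applying such a fix is exactly this: feed the helper a request containing the blocked key and assert it is absent from every generated link.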
--- Begin Message ---
Source: ruby-kaminari
Source-Version: 1.0.1-6
Done: Utkarsh Gupta <utka...@debian.org>

We believe that the bug you reported is fixed in the latest version of
ruby-kaminari, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 961...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Utkarsh Gupta <utka...@debian.org> (supplier of updated ruby-kaminari package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 05 Jun 2020 09:41:16 +0530
Source: ruby-kaminari
Architecture: source
Version: 1.0.1-6
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Utkarsh Gupta <utka...@debian.org>
Closes: 961847
Changes:
 ruby-kaminari (1.0.1-6) unstable; urgency=medium
 .
   [ Debian Janitor ]
   * Trim trailing whitespace.
   * Use secure copyright file specification URI.
   * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
     Repository-Browse.
   * Update standards version to 4.4.1, no changes needed.
 .
   [ Utkarsh Gupta ]
   * Add patch to blacklist "original_script_name" get param.
     (Fixes: CVE-2020-11082) (Closes: #961847)
   * Refresh d/patches
   * Bump debhelper-compat to 13 and Standards-Version to 4.5.0
   * Add myself as an uploader
Checksums-Sha1:
 b6ea0dd51833de6115941dd0faa0d04b2b73d225 2435 ruby-kaminari_1.0.1-6.dsc
 1a65ca3d30719dfa279ff8bd315309bfe2d4001c 4200 ruby-kaminari_1.0.1-6.debian.tar.xz
 dbac819da6bb141db89f641b471ca46f92cca0b8 10088 ruby-kaminari_1.0.1-6_amd64.buildinfo
Checksums-Sha256:
 9e395d240e531de523704bad5f999a6a8d427e66d82eee8b868f27046aa3c66a 2435 ruby-kaminari_1.0.1-6.dsc
 e519d464748f3307df97c6cf68a1cf0e4f8c901d40fe1b4e25f50a605a986168 4200 ruby-kaminari_1.0.1-6.debian.tar.xz
 6145a83f09e2a395774ce22aa90f7a6dd4e0c06ea0a5804e029a1c87fa22cce7 10088 ruby-kaminari_1.0.1-6_amd64.buildinfo
Files:
 5a2c8b12681ab4a7672d025798c3da05 2435 ruby optional ruby-kaminari_1.0.1-6.dsc
 b5d5ef2143d9b4c1a8f5174ebe4b7a33 4200 ruby optional ruby-kaminari_1.0.1-6.debian.tar.xz
 0b32ea6586f36825b4b3f5120e04d129 10088 ruby optional ruby-kaminari_1.0.1-6_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---