Your message dated Wed, 19 Oct 2005 19:25:20 +0900
with message-id <[EMAIL PROTECTED]>
and subject line Bug#332742: ruby1.8: [CAN-2005-2337] safe mode bypass
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 8 Oct 2005 09:22:33 +0000
>From [EMAIL PROTECTED] Sat Oct 08 02:22:33 2005
Return-path: <[EMAIL PROTECTED]>
Received: from box79162.elkhouse.de [213.9.79.162] 
        by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
        id 1EOAuW-0002zY-00; Sat, 08 Oct 2005 02:22:33 -0700
Received: by box79162.elkhouse.de (Postfix, from userid 1000)
        id 08B831F8406; Sat,  8 Oct 2005 11:22:00 +0200 (CEST)
Date: Sat, 8 Oct 2005 11:22:00 +0200
From: Martin Pitt <[EMAIL PROTECTED]>
To: Debian BTS Submit <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: ruby1.8: [CAN-2005-2337] safe mode bypass
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="9zSXsLTf0vkW971A"
Content-Disposition: inline
User-Agent: Mutt/1.5.9i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02


--9zSXsLTf0vkW971A
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: ruby1.8
Version: 1.8.2-9
Severity: grave
Tags: security patch

Hi!

There is a safe mode bypass in all Ruby versions:

  http://www.ruby-lang.org/en/20051003.html

This page also contains a patch (which does not apply perfectly since
the XMLRPC issue is already fixed, but for eval.c it applies fine).

This has been assigned CAN-2005-2337, please mention this number in
the changelog when you fix this.

Thanks,

Martin

-- 
Martin Pitt              http://www.piware.de
Ubuntu Developer   http://www.ubuntulinux.org
Debian Developer        http://www.debian.org

--9zSXsLTf0vkW971A
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline


--9zSXsLTf0vkW971A--

---------------------------------------
Received: (at 332742-close) by bugs.debian.org; 19 Oct 2005 10:25:25 +0000
>From [EMAIL PROTECTED] Wed Oct 19 03:25:25 2005
Return-path: <[EMAIL PROTECTED]>
Received: from fs.yendot.org [164.46.240.253] 
        by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
        id 1ESB8P-0000nh-00; Wed, 19 Oct 2005 03:25:25 -0700
Received: from arika.org (rb.vpn.yendot.org [192.168.253.2])
        by fs.yendot.org (Postfix) with ESMTP id 4940E6D400C;
        Wed, 19 Oct 2005 19:25:24 +0900 (JST)
Received: from localhost (localhost [127.0.0.1])
        by arika.org (Postfix) with ESMTP id 202C42E706D7;
        Wed, 19 Oct 2005 19:25:24 +0900 (JST)
Received: from arika.org ([127.0.0.1])
        by localhost (station [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id 00475-04; Wed, 19 Oct 2005 19:25:21 +0900 (JST)
Received: from [172.16.1.6] (rice.p.arika.org [172.16.1.6])
        by arika.org (Postfix) with ESMTP id 433212E705C9;
        Wed, 19 Oct 2005 19:25:21 +0900 (JST)
Message-ID: <[EMAIL PROTECTED]>
Date: Wed, 19 Oct 2005 19:25:20 +0900
From: akira yamada <[EMAIL PROTECTED]>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; ja-JP; rv:1.7.6) Gecko/20050331
        Thunderbird/1.0.2 Mnenhy/0.7.2.0
X-Accept-Language: ja, en-us, en
MIME-Version: 1.0
To: Martin Pitt <[EMAIL PROTECTED]>,
        [EMAIL PROTECTED]
Subject: Re: Bug#332742: ruby1.8: [CAN-2005-2337] safe mode bypass
References: <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
X-Enigmail-Version: 0.92.0.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at arika.org
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02

DSA-864 was published.

