Your message dated Fri, 11 Jan 2013 21:32:37 +0000 with message-id <e1ttmdn-0006lz...@franck.debian.org> and subject line Bug#697895: fixed in ruby-extlib 0.9.15-3 has caused the Debian Bug report #697895, regarding Update libextlib-ruby / ruby-extlib for vulnerabilities (Re: CVE-2013-0156) to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 697895: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697895 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: libextlib-ruby Version: 0.9.13-2 Severity: grave Tags: security Dan Kubb, upstream maintainer of the extlib RubyGem recently updated it to resolve security issues reported in CVE-2013-0156. The patches are are available from the extlib Git repository on GitHub to remove symbol and yaml coercion, respectively: https://github.com/datamapper/extlib/commit/4540e7102b803624cc2eade4bb8aaaa 934fc31c5 https://github.com/datamapper/extlib/commit/633974b2759d9b924657f3888473d5f d681538dd
--- End Message ---
--- Begin Message ---Source: ruby-extlib Source-Version: 0.9.15-3 We believe that the bug you reported is fixed in the latest version of ruby-extlib, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 697...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Cédric Boutillier <bou...@debian.org> (supplier of updated ruby-extlib package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 11 Jan 2013 18:15:39 +0100 Source: ruby-extlib Binary: ruby-extlib libextlib-ruby libextlib-ruby1.8 libextlib-ruby1.9.1 libextlib-ruby-doc Architecture: source all Version: 0.9.15-3 Distribution: unstable Urgency: high Maintainer: Bryan McLellan <b...@loftninjas.org> Changed-By: Cédric Boutillier <bou...@debian.org> Description: libextlib-ruby - Transitional package for ruby-extlib libextlib-ruby-doc - Transitional package for ruby-extlib libextlib-ruby1.8 - Transitional package for ruby-extlib libextlib-ruby1.9.1 - Transitional package for ruby-extlib ruby-extlib - general Ruby class extensions for DataMapper and Merb Closes: 697895 Changes: ruby-extlib (0.9.15-3) unstable; urgency=high . * Team upload. * Import patches 633974b2759d9b92 and 4540e7102b803624 from uptream to remove symbol and YAML coercion from the XML parser. [CVE-2013-0156] (Closes: #697895) Checksums-Sha1: bb10dad19c2671801877e5b5fb15b14532462daf 2247 ruby-extlib_0.9.15-3.dsc 4f8571ba3b7aefe7bdce8e8fbe7716fcb45c7ad6 4687 ruby-extlib_0.9.15-3.diff.gz ff0b3141b7f2df240b8307ceb05d624851c34974 35582 ruby-extlib_0.9.15-3_all.deb 0a77158c8ec33b24c9836c0821661bfd20cec286 4180 libextlib-ruby_0.9.15-3_all.deb ae9559bbad34b34bced92323424726f3815331ae 4180 libextlib-ruby1.8_0.9.15-3_all.deb 494f0fd4dafaccec7641dfe1f1f033f3dd68b711 4182 libextlib-ruby1.9.1_0.9.15-3_all.deb 516f4bd2e7273e37dd8a9c80430cf9fe0bf7cfd7 4180 libextlib-ruby-doc_0.9.15-3_all.deb Checksums-Sha256: 6c9063a4daf662391409fa81852b5e6914fbc127c9e0f61ea78526232e941e17 2247 ruby-extlib_0.9.15-3.dsc 95df8ec52d1638083d0e14c339f52f6aa827480208a93355c23614d25b5a6211 4687 ruby-extlib_0.9.15-3.diff.gz bf2ac87e0e17a46ec5583f4007e9dede358360d17c5a7be716b941a44fdf68fa 35582 ruby-extlib_0.9.15-3_all.deb b17a332bbf7155e39b6a49f2a1f48d8bc6deafcb55593d63b7ca2bb14fdb274d 4180 libextlib-ruby_0.9.15-3_all.deb 4461dfcf4ef248d25bcb0c4e90514586d412603ba2425e5e25b882ddae8bd522 4180 libextlib-ruby1.8_0.9.15-3_all.deb a69cfbfd58c237a228b11ad5c3569a76484c08128cf358c5be055c83d0436aa0 4182 libextlib-ruby1.9.1_0.9.15-3_all.deb a320b93c04731473d46d257fe35f8c861472bb8115b9ddbc31610ccd45e5642c 4180 libextlib-ruby-doc_0.9.15-3_all.deb Files: 3be760292b64478fc60cc2a42613c52e 2247 ruby extra ruby-extlib_0.9.15-3.dsc 96a039c95e8affe0cfacecf4e34e1720 4687 ruby extra ruby-extlib_0.9.15-3.diff.gz c9a0ee978f40a2e45d5f811d048dc958 35582 ruby extra ruby-extlib_0.9.15-3_all.deb db26187f88999befae8996172108ed98 4180 oldlibs extra libextlib-ruby_0.9.15-3_all.deb 0b792d88f11cec7f8182b4f3b09b5feb 4180 oldlibs extra libextlib-ruby1.8_0.9.15-3_all.deb 29a5db040f8330c612b172ab627abcbb 4182 oldlibs extra libextlib-ruby1.9.1_0.9.15-3_all.deb 3113c77e9276e30ac51e1283b8ea6eb7 4180 oldlibs extra libextlib-ruby-doc_0.9.15-3_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJQ8IJBAAoJENpJWPYR4UnpQrAQAL0U1fbkjWeSYG/8KZNewNWt lURV6RCLIyjfkFSV8A+CdVL8HF1MxNmPMMSIc/fMJc6q/GOyQOrxHfY+gLIPnQsX VhkYV0JIYfv4cyBnDnROqsbp6WbdlrbmuXrSUpPLK9qCRoOiDPNnXkqyY8FJkvRV kMZB5hIG8vVxQEnH0z+r70X5/1HXZ3Hm4amYaOOMdNG6fYkoaXmcj6ri79Ow8Smm ZRJONzag+D9nBMOdXCrCjTJUIMwFYU9YVbbe4qhZpZrMRjdUG6oBnmAcCcwrhThf zct23xi1J0Sgbpp/m/E/IUq2EFjiLd8nSyVs/nryY8/KG5we4BeFlFmrEmzv7gYm 4eRvexFuyqq8T0mVV+Mrt8/SjiT0Lsa7kUFunHn6DXu04mOMPb3zJZdsMP0FkdBw ZqDHXnRfXQnWIR5N98Z2jv0D3F/X5sp4vNKBxuchO7PZ409BuTtP0Ld+6yeDuk0D zIGE79UmQ1IcyLzfH20gXj5Dpzf1x6AKnD8mO4UCx35jdSlEC39YQJN6As9G9mxQ zyJVLPyzNvSHMcLGKA1P0Z1aRUrz8vrV9KEdJnKoSNYL3mHp4ZwYaJ8j93llSnSJ tYRZb31ehoUQXPCG5OmHOIdtABPei1tjSkdmf1g7UCUOBjuDzgew5DLGM/k7CtNy frY9EXMcwo3ChNZvb1SM =tneb -----END PGP SIGNATURE-----
--- End Message ---
