Your message dated Tue, 27 May 2014 22:47:08 +0000
with message-id <[email protected]>
and subject line Bug#747641: fixed in ruby-actionpack-3.2 3.2.6-6+deb7u2
has caused the Debian Bug report #747641,
regarding rails-3.2: CVE-2014-0130: Directory Traversal Vulnerability With 
Certain Route Configurations
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
747641: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747641
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: rails-3.2
Severity: grave
Tags: security upstream fixed-upstream
Justification: user security hole

Hi,

the following vulnerability was published for rails-3.2.

CVE-2014-0130[0]:
Directory Traversal Vulnerability With Certain Route Configurations

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130
    https://security-tracker.debian.org/tracker/CVE-2014-0130
[1] http://www.openwall.com/lists/oss-security/2014/05/06/12
[2] http://www.openwall.com/lists/oss-security/2014/05/06/14

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: ruby-actionpack-3.2
Source-Version: 3.2.6-6+deb7u2

We believe that the bug you reported is fixed in the latest version of
ruby-actionpack-3.2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Antonio Terceiro <[email protected]> (supplier of updated ruby-actionpack-3.2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 10 May 2014 14:33:15 -0300
Source: ruby-actionpack-3.2
Binary: ruby-actionpack-3.2
Architecture: source all
Version: 3.2.6-6+deb7u2
Distribution: wheezy-security
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <[email protected]>
Changed-By: Antonio Terceiro <[email protected]>
Description: 
 ruby-actionpack-3.2 - web-flow and rendering framework putting the VC in MVC (part of R
Closes: 747641
Changes: 
 ruby-actionpack-3.2 (3.2.6-6+deb7u2) wheezy-security; urgency=medium
 .
   * [CVE-2014-0081] XSS Vulnerability in number_to_currency,
     number_to_percentage and number_to_human
   * [CVE-2014-0082] Denial of Service Vulnerability in Action View when using
     render :text
   * [CVE-2014-0130] Directory Traversal Vulnerability With Certain Route
     Configurations (Closes: #747641)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
