Your message dated Fri, 22 Dec 2017 17:10:11 +0100
with message-id <[email protected]>
and subject line Re: Bug#884438: ruby2.3: CVE-2017-17405: Command injection
vulnerability in Net::FTP
has caused the Debian Bug report #884438,
regarding ruby2.3: CVE-2017-17405: Command injection vulnerability in Net::FTP
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
884438: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884438
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ruby2.5
Version: 2.5.0~preview1-1
Severity: grave
Tags: patch security upstream fixed-upstream
Control: clone -1 -2
Control: reassign -2 ruby2.3 2.3.5-1
Control: found -2 2.3.3-1
Control: retitle -2 ruby2.3: CVE-2017-17405: Command injection vulnerability in Net::FTP
Hi,
the following vulnerability was published for ruby.
CVE-2017-17405[0]:
Command injection vulnerability in Net::FTP
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-17405
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17405
[1] https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/
[2] https://github.com/ruby/ruby/commit/6d3f72e5be2312be312f2acbf3465b05293c1431
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ruby2.3
Source-Version: 2.3.6-1
The fix for CVE-2017-17405 is included in 2.3.6-1 via:
+Thu Dec 14 23:53:41 2017 NAKAMURA Usaku <[email protected]>
+
+ * test/net/ftp/test_ftp.rb (process_port_or_eprt): merge a part of
+ r56973 to pass the test introduced at previous commit.
+
+Thu Dec 14 22:55:05 2017 Shugo Maeda <[email protected]>
+
+ Fix a command injection vulnerability in Net::FTP.
+
+Thu Dec 14 22:35:19 2017 Eric Wong <[email protected]>
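Review bot: The entry "Fix a command injection vulnerability in Net::FTP." under Shugo Maeda names neither the changed file and method nor CVE-2017-17405, whereas the entry above it gives test/net/ftp/test_ftp.rb (process_port_or_eprt). Suggest adding the affected file and the CVE id to that entry so the fix can be located from the changelog alone. The final header line for Eric Wong carries no entry text in this excerpt, so whether it relates to the fix cannot be checked from what is shown.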
Regards,
Salvatore
--- End Message ---