Your message dated Fri, 03 May 2019 13:04:23 +0000
with message-id <e1hmxrt-00097e...@fasolo.debian.org>
and subject line Bug#925986: fixed in jruby 9.1.17.0-2.1
has caused the Debian Bug report #925986,
regarding CVE-2018-1000073: directory Traversal vulnerability in install_location
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
925986: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925986
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: jruby
Severity: grave
Tags: security

CVE-2018-1000073 is not fixed in the rubygems bundled in jruby,
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
https://github.com/rubygems/rubygems/commit/1b931fc03b819b9a0214be3eaca844ef534175e2

The other 2018 rubygems issues are fixed in the bundled copy.

For bullseye we should really fix jruby to use a common rubygems
binary package.

Cheers,
        Moritz

--- End Message ---
--- Begin Message ---
Source: jruby
Source-Version: 9.1.17.0-2.1

We believe that the bug you reported is fixed in the latest version of
jruby, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 925...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated jruby package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 01 May 2019 11:25:03 +0200
Source: jruby
Architecture: source
Version: 9.1.17.0-2.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 925986
Changes:
 jruby (9.1.17.0-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Directory traversal vulnerability in install_location (CVE-2018-1000073)
     (Closes: #925986)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
