Your message dated Tue, 11 Dec 2012 20:48:14 +0000 with message-id <e1tiwkq-0006d7...@franck.debian.org> and subject line Bug#694694: fixed in jruby 1.5.6-5 has caused the Debian Bug report #694694, regarding jruby: CVE-2012-5370 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 694694: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694694 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: jruby Severity: grave Tags: security Justification: user security hole Hi, please see the Red Hat bug for details: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5370 Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: jruby Source-Version: 1.5.6-5 We believe that the bug you reported is fixed in the latest version of jruby, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 694...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Martin Quinson <mquin...@debian.org> (supplier of updated jruby package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 11 Dec 2012 21:22:36 +0100 Source: jruby Binary: jruby Architecture: source all Version: 1.5.6-5 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Martin Quinson <mquin...@debian.org> Description: jruby - 100% pure-Java implementation of Ruby Closes: 694694 Changes: jruby (1.5.6-5) unstable; urgency=medium . * Team upload. * Add patch for CVE-2012-5370: Use PerlHash instead of MurmurHash (that is vulnerable to DoS attacks). (Closes: #694694) [Patch adapted from 5e4aab28 upstream] Checksums-Sha1: 4d13ae8ecbdd8028f0f1ea189fb27f2cd60c0ff4 2283 jruby_1.5.6-5.dsc fe062783f707c446d149cb293e1f71decd34ef5b 30568 jruby_1.5.6-5.debian.tar.gz cd2fd4e5d344ac1ed7d0612c67f72c886d038663 8918352 jruby_1.5.6-5_all.deb Checksums-Sha256: a0d0e96cf2b6e8f93ec6c54455807876faafd2baf4eee3db35baad83b6e9efd7 2283 jruby_1.5.6-5.dsc 89b92389ef3863225237e1de776807fb7455f0003fd0bb90c54e312291143749 30568 jruby_1.5.6-5.debian.tar.gz 7fa01aaa7b2d12eea1184488c9a130e71dfa1e40194c2180ec06840d82032ca0 8918352 jruby_1.5.6-5_all.deb Files: 07da0a29ffec6d0846389e685a0fe72b 2283 ruby optional jruby_1.5.6-5.dsc 96926425a15a98d304b93ca3bd3fdda7 30568 ruby optional jruby_1.5.6-5.debian.tar.gz 3d8a3fe64808709079620a709c8a66c6 8918352 ruby optional jruby_1.5.6-5_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJQx5ecAAoJEJi9lyRPc76nGCEP+wcfLnUFNlfnNovHHwqrfxlC cLlLzPooRa3OAZ0IHgLhuHEXKzHAPGi5VLYSkLare6mxJcJDBCA0k0YADksLDOXF T+LoRC1Rk9/ywLFOrvetkmEl5KEWL4QdQ4msXhG+1Fc6vwcDOITZeqMkki8VWQc1 SLL8UX20iyyMHqZ+cmuGFS7JV5KvoIlNWuQWoQkatGQNoJIelUa+RrUwhhupO7RH AvMW8UK7MARgkGgde4LP0ONcQjvL9TmOEmW2bzfhSibZB162ArHhjGpmTL49jJ0x o4t90LmHs5x/y7eQfAEpohAq8vaXJQ6m2E3inm5xOq3EGzYUwjp0jRzEqeiDhIjP rRTc2MTG3szk8uSWM1wiHsAtuhQiDU1SyVQ6T//VXjd7Oo/prObxVZniDPdy9H/r izK9eSNWZQeYaOzLSAG0IAWDgtyC7KT2m2j1VPLN2YzjWI4QhkdU9sTHfS70PeTT pvXEqHyV0I3ICyq9tSKe/j1Wwipf3Mg80eW9o0tExRSGYJTsQ+aBDI5zZdXBLLyT gdBjVaCMol13O1g7HZRacR+SxJwpJgkkwwIzkjUHSIdsCRWFH3Z+/ehxa+QO57cY igXLZzliBp2ms1KW7zd9SNa7e9NEkCY2LDOalDYksqkLrDlCgVJXhDysjf1fWzkQ RaTGj9VBACdnMFyum7pe =nAUa -----END PGP SIGNATURE-----
--- End Message ---
__ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
