Your message dated Wed, 04 Aug 2021 11:48:27 +0000
with message-id <[email protected]>
and subject line Bug#970932: fixed in ruby-oauth 0.5.6-1
has caused the Debian Bug report #970932,
regarding ruby-oauth: CVE-2016-11086
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
970932: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970932
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ruby-oauth
Version: 0.5.4-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/oauth-xx/oauth-ruby/issues/137
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for ruby-oauth.

CVE-2016-11086[0]:
| lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby
| does not verify server X.509 certificates if a certificate bundle
| cannot be found, which allows man-in-the-middle attackers to spoof
| servers and obtain sensitive information.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-11086
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-11086
[1] https://github.com/oauth-xx/oauth-ruby/issues/137

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
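
Added example, not part of the original report and not the gem's own code: a minimal Ruby sketch of the fail-open pattern the CVE text describes (verification switched off when no certificate bundle is found) beside a fail-closed alternative. The helper names, the host `example.invalid` and the bundle path are constructed for illustration.

```ruby
require "net/http"
require "openssl"

# Constructed placeholder path standing in for a CA bundle that is not installed.
MISSING_BUNDLE = "/nonexistent/ca-bundle.crt"

# Fail-open pattern (hypothetical helper): peer verification is enabled only
# when a bundle is found; otherwise it is silently disabled.
def configure_fail_open(http, ca_file)
  http.use_ssl = true
  if ca_file && File.exist?(ca_file)
    http.ca_file = ca_file
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  else
    http.verify_mode = OpenSSL::SSL::VERIFY_NONE
  end
  http
end

# Fail-closed pattern (hypothetical helper): verification is always on.
# An explicitly requested bundle must exist; with no bundle requested,
# the system trust store is used instead of dropping verification.
def configure_fail_closed(http, ca_file)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  if ca_file
    raise ArgumentError, "CA bundle not found: #{ca_file}" unless File.exist?(ca_file)
    http.ca_file = ca_file
  else
    store = OpenSSL::X509::Store.new
    store.set_default_paths
    http.cert_store = store
  end
  http
end

# Audit check a reviewer or test suite can run against a configured client.
def verifies_peer?(http)
  http.use_ssl? && http.verify_mode == OpenSSL::SSL::VERIFY_PEER
end
```

No connection is opened here; the helpers only configure the `Net::HTTP` object, so `verifies_peer?` can be asserted in a unit test to catch a regression to `VERIFY_NONE`.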
--- Begin Message ---
Source: ruby-oauth
Source-Version: 0.5.6-1
Done: Pirate Praveen <[email protected]>

We believe that the bug you reported is fixed in the latest version of
ruby-oauth, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pirate Praveen <[email protected]> (supplier of updated ruby-oauth package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 04 Aug 2021 16:41:25 +0530
Source: ruby-oauth
Architecture: source
Version: 0.5.6-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Ruby Team <[email protected]>
Changed-By: Pirate Praveen <[email protected]>
Closes: 970932
Changes:
 ruby-oauth (0.5.6-1) experimental; urgency=medium
 .
   [ Michael Moll ]
   * use HTTPS for watch URL
 .
   [ Utkarsh Gupta ]
   * Add salsa-ci.yml
 .
   [ Debian Janitor ]
   * Use secure copyright file specification URI.
   * Bump debhelper from old 9 to 12.
   * Set debhelper-compat version in Build-Depends.
   * Set upstream metadata fields: Bug-Database, Repository, Repository-
     Browse.
   * Update standards version to 4.4.1, no changes needed.
 .
   [ Cédric Boutillier ]
   * Update team name
   * Add .gitattributes to keep unwanted files out of the source package
 .
   [ Pirate Praveen ]
   * Update github watch file regex
   * New upstream version 0.5.6 (Closes: #970932) (Fixes: CVE-2016-11086)
   * Bump Standards-Version to 4.5.1 (no changes needed)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---