Your message dated Thu, 24 Apr 2025 13:20:01 +0200
with message-id <[email protected]>
and subject line Re: Accepted ruby-webrick 1.9.1-1 (source) into unstable
has caused the Debian Bug report #1082633,
regarding ruby-webrick: CVE-2024-47220
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1082633: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082633
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ruby-webrick
Version: 1.8.1-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/ruby/webrick/issues/145
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for ruby-webrick.

CVE-2024-47220[0]:
| An issue was discovered in the WEBrick toolkit through 1.8.1 for
| Ruby. It allows HTTP request smuggling by providing both a
| Content-Length header and a Transfer-Encoding header, e.g., "GET /admin
| HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE:
| the supplier's position is "Webrick should not be used in
| production."


As accordingly webrick should not be used in production, we have
marked it no-dsa for bookworm.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-47220
    https://www.cve.org/CVERecord?id=CVE-2024-47220
[1] https://github.com/ruby/webrick/issues/145
[2] https://github.com/ruby/webrick/commit/f5faca9222541591e1a7c3c97552ebb0c92733c7

Regards,
Salvatore

--- End Message ---
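
The framing ambiguity named in the CVE text above, as an added Ruby example that is not WEBrick's code and not part of the original report: it shows that Content-Length and Transfer-Encoding give different answers about where the request ends, plus a check that refuses such a request. Helper names and the sample request are constructed for illustration; RFC 9112 section 6.1 permits a server to reject a request carrying both headers.

```ruby
# Added example, not WEBrick code. Helper names and the sample request are constructed.
CRLF = "\r\n"

# Split a raw request into [request line, { "lowercased-name" => [values] }, bytes after headers].
def split_request(raw)
  head, rest = raw.b.split(CRLF * 2, 2)
  request_line, *fields = head.split(CRLF)
  headers = Hash.new { |hash, key| hash[key] = [] }
  fields.each do |field|
    name, value = field.split(":", 2)
    headers[name.strip.downcase] << value.to_s.strip
  end
  [request_line, headers, rest.to_s]
end

# Bytes still unread on the connection if the body is framed by Content-Length.
def leftover_by_content_length(headers, rest)
  length = headers["content-length"].first.to_i
  rest.byteslice(length..-1).to_s
end

# Bytes still unread if the body is framed by chunked transfer coding (trailers not handled).
def leftover_by_chunked(rest)
  pos = 0
  loop do
    eol = rest.index(CRLF, pos)
    return "" if eol.nil?                 # truncated input: nothing left to misread
    size = rest[pos...eol].to_i(16)       # chunk size is hexadecimal
    pos = eol + 2
    return rest.byteslice((pos + 2)..-1).to_s if size.zero? # skip the CRLF ending the body
    pos += size + 2                       # chunk data plus its trailing CRLF
  end
end

# :reject when both framing headers are present, since two parsers may then disagree
# about where the request ends; :ok otherwise.
def framing_verdict(raw)
  _line, headers, _rest = split_request(raw)
  headers.key?("content-length") && headers.key?("transfer-encoding") ? :reject : :ok
end

# Constructed sample matching the CVE text: a POST /user whose body carries a GET /admin.
inner = ["GET /admin HTTP/1.1", "Host: example.test", "", ""].join(CRLF)
body  = "0#{CRLF}#{CRLF}#{inner}"
SAMPLE = ["POST /user HTTP/1.1", "Host: example.test", "Content-Length: #{body.bytesize}",
          "Transfer-Encoding: chunked", "", body].join(CRLF)
```

Framed by Content-Length the sample leaves no bytes behind, while framed as chunked it leaves the inner request line on the connection, which is why `framing_verdict` refuses it.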
--- Begin Message ---
Source: ruby-webrick
Source-Version: 1.9.1-1

On Fri, Mar 14, 2025 at 09:42:03PM +0000, Debian FTP Masters wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> Format: 1.8
> Date: Fri, 14 Mar 2025 20:48:41 +0100
> Source: ruby-webrick
> Architecture: source
> Version: 1.9.1-1
> Distribution: unstable
> Urgency: medium
> Maintainer: Debian Ruby Team <[email protected]>
> Changed-By: Hans-Christoph Steiner <[email protected]>
> Changes:
>  ruby-webrick (1.9.1-1) unstable; urgency=medium
>  .
>    * Team upload
>    * New upstream version 1.9.1
> 
> -----BEGIN PGP SIGNATURE-----
> 
> -----END PGP SIGNATURE-----

--- End Message ---
_______________________________________________
Pkg-ruby-extras-maintainers mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
