Your message dated Fri, 10 Aug 2012 17:47:10 +0000
with message-id <[email protected]>
and subject line Bug#684517: fixed in ruby-activesupport-3.2 3.2.6-4
has caused the Debian Bug report #684517,
regarding ruby-activesupport-3.2: CVE-2012-3464
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
684517: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684517
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ruby-actionpack-3.2
Severity: grave
Tags: security
Justification: user security hole
Please see
CVE-2012-3465
http://www.openwall.com/lists/oss-security/2012/08/09/9
CVE-2012-3464
http://www.openwall.com/lists/oss-security/2012/08/09/10
CVE-2012-3463
http://www.openwall.com/lists/oss-security/2012/08/09/8
Since Wheezy is frozen, please use the isolated patches instead of updating to
3.2.8
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: ruby-activesupport-3.2
Source-Version: 3.2.6-4
We believe that the bug you reported is fixed in the latest version of
ruby-activesupport-3.2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Antonio Terceiro <[email protected]> (supplier of updated
ruby-activesupport-3.2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 10 Aug 2012 14:10:41 -0300
Source: ruby-activesupport-3.2
Binary: ruby-activesupport-3.2
Architecture: source all
Version: 3.2.6-4
Distribution: unstable
Urgency: high
Maintainer: Debian Ruby Extras Maintainers
<[email protected]>
Changed-By: Antonio Terceiro <[email protected]>
Description:
ruby-activesupport-3.2 - Support and utility classes used by the Rails 3.2
framework
Closes: 684517
Changes:
ruby-activesupport-3.2 (3.2.6-4) unstable; urgency=high
.
* debian/patches/CVE-2012-3464.patch: fixes potential XSS vulnerability.
CVE-2012-3464 (Closes: #684517).
Checksums-Sha1:
b14ea6293b9c2a1c0b826206509e7f905a81e22e 1601
ruby-activesupport-3.2_3.2.6-4.dsc
9d2789a1a12d777c8be2b495d33f5ef461f5e31d 3182
ruby-activesupport-3.2_3.2.6-4.debian.tar.gz
863542bd6a399a9b0c295dc4728ad0782bd21e27 322474
ruby-activesupport-3.2_3.2.6-4_all.deb
Checksums-Sha256:
41dfc5cd1a23c4845ed0fe72f4cba6bca495ceb342c9ef7e2eb97357d06d5cce 1601
ruby-activesupport-3.2_3.2.6-4.dsc
602a5dd2eaac99b170af8dd44acdec3e41447fce8a2c93f24e69dd42adddf837 3182
ruby-activesupport-3.2_3.2.6-4.debian.tar.gz
3d5c9b1dfdb6103c01011b4185682d9a6670721e20eea706e20bd7b483780af6 322474
ruby-activesupport-3.2_3.2.6-4_all.deb
Files:
333db4118671642ea143f9fb81e5fb20 1601 ruby optional
ruby-activesupport-3.2_3.2.6-4.dsc
790bafee9f67372b209e4cb8f2f577ab 3182 ruby optional
ruby-activesupport-3.2_3.2.6-4.debian.tar.gz
5f171c36977fbd3be310f101b14430cb 322474 ruby optional
ruby-activesupport-3.2_3.2.6-4_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlAlRMQACgkQDOM8kQ+cso+uuACbBtv+U7rLt50jpL9uvwcHoxqn
yIMAn3V3m88Ut8zYwAdKkife40b6lbG9
=uAXT
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
Pkg-ruby-extras-maintainers mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
