Your message dated Tue, 29 Jan 2013 15:32:31 +0000
with message-id <[email protected]>
and subject line Bug#699249: fixed in ruby-activesupport-2.3 2.3.14-6
has caused the Debian Bug report #699249,
regarding rails: CVE-2013-0333: Vulnerability in JSON Parser in Ruby on Rails
3.0 and 2.3
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
699249: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699249
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: rails
Severity: grave
Tags: security
Justification: user security hole
Hi
The following advisory was made for rails:
[1] http://weblog.rubyonrails.org/
[2]:
https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo
Disclaimer: I have not checked which versions in Debian might be
affected. Can you check and adjust the affected versions?
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ruby-activesupport-2.3
Source-Version: 2.3.14-6
We believe that the bug you reported is fixed in the latest version of
ruby-activesupport-2.3, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Antonio Terceiro <[email protected]> (supplier of updated
ruby-activesupport-2.3 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 29 Jan 2013 11:35:25 -0300
Source: ruby-activesupport-2.3
Binary: ruby-activesupport-2.3
Architecture: source all
Version: 2.3.14-6
Distribution: unstable
Urgency: high
Maintainer: Debian Ruby Extras Maintainers
<[email protected]>
Changed-By: Antonio Terceiro <[email protected]>
Description:
ruby-activesupport-2.3 - Support and utility classes used by the Rails 2.3
framework
Closes: 699249
Changes:
ruby-activesupport-2.3 (2.3.14-6) unstable; urgency=high
.
* Team upload.
* debian/patches/CVE-2013-0333.patch: fix vulnerability in JSON Parser that
would allow attackers to do very nasty things (Closes: #699249).
Checksums-Sha1:
612868f7e562696b69866c62f7bf02ac3eabd055 1578
ruby-activesupport-2.3_2.3.14-6.dsc
f9e48ff9b381c8b9191dd17f799ecd5defc744c2 150455
ruby-activesupport-2.3_2.3.14-6.debian.tar.gz
e3bdead5a4ffcca0e6e2549dabf5d1cff0c66908 305208
ruby-activesupport-2.3_2.3.14-6_all.deb
Checksums-Sha256:
a7dad85cb44b04257bd36723e5773e2c3df48d34ec8be6c383d7bf7b3f6b3815 1578
ruby-activesupport-2.3_2.3.14-6.dsc
4676773ef0c53a096ed9a730be5e6baa7852802902951b4abe6accf575b43fe7 150455
ruby-activesupport-2.3_2.3.14-6.debian.tar.gz
76cde40ab33b82b0b3cfa886c6e3706e52baa00c4510ab34b02779b1f1f1b6fe 305208
ruby-activesupport-2.3_2.3.14-6_all.deb
Files:
9e09ad725165319476cb29e7f0ecb517 1578 ruby optional
ruby-activesupport-2.3_2.3.14-6.dsc
c2679e2ed3faf0973499cb45cdc96bd9 150455 ruby optional
ruby-activesupport-2.3_2.3.14-6.debian.tar.gz
1cde7d1af6bcb0d0fc239a4ed6d1b03a 305208 ruby optional
ruby-activesupport-2.3_2.3.14-6_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlEH6RAACgkQDOM8kQ+cso+zwACfXWqYGNH/ek9mdvlO7DA3AzHK
nJsAn2E0sI1tpBqyeRDd6m0SNOUfQq7S
=q2hu
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
Pkg-ruby-extras-maintainers mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
