Your message dated Tue, 01 Apr 2014 21:17:30 +0000
with message-id <[email protected]>
and subject line Bug#726576: fixed in ruby-actionmailer-3.2 3.2.6-2+deb7u1
has caused the Debian Bug report #726576,
regarding ruby-actionmailer-3.2: Possible DoS Vulnerability in Action Mailer (CVE-2013-4389)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
726576: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726576
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ruby-actionmailer-3.2
Severity: grave
Tags: security
Justification: user security hole

Hi,

a vulnerability was reported against actionmailer, see
http://marc.info/?l=oss-security&m=138194461411192&w=2 for more info.

It's unclear from that mail if it's really only a DoS, since “format
string” might be worse than that, so it's not clear if it'll need a DSA
or not.

Regards,
-- 
Yves-Alexis Perez
Debian Security

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (450, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.10-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---
--- Begin Message ---
Source: ruby-actionmailer-3.2
Source-Version: 3.2.6-2+deb7u1

We believe that the bug you reported is fixed in the latest version of
ruby-actionmailer-3.2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ondřej Surý <[email protected]> (supplier of updated ruby-actionmailer-3.2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 05 Dec 2013 11:58:24 +0100
Source: ruby-actionmailer-3.2
Binary: ruby-actionmailer-3.2
Architecture: source all
Version: 3.2.6-2+deb7u1
Distribution: wheezy-security
Urgency: low
Maintainer: Debian Ruby Extras Maintainers <[email protected]>
Changed-By: Ondřej Surý <[email protected]>
Description: 
 ruby-actionmailer-3.2 - email composition, delivery, and receiving framework (part of Rai
Closes: 726576
Changes: 
 ruby-actionmailer-3.2 (3.2.6-2+deb7u1) wheezy-security; urgency=low
 .
   * [CVE-2013-4389] Fix Possible DoS Vulnerability in Action Mailer (Closes: #726576)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlL7e68ACgkQ9OZqfMIN8nNTMwCgrRa7epEgUNd98ug7GDavOPV5
qGcAn0vpWh/yhintz6Y3e8tgUxeOcAaP
=4pXc
-----END PGP SIGNATURE-----

--- End Message ---
_______________________________________________
Pkg-ruby-extras-maintainers mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
