Your message dated Sun, 02 Aug 2015 17:47:47 +0000
with message-id <[email protected]>
and subject line Bug#789311: fixed in ruby-rack 1.5.2-3+deb8u1
has caused the Debian Bug report #789311,
regarding ruby-rack: CVE-2015-3225: Potential Denial of Service Vulnerability in Rack normalize_params()
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
789311: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789311
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ruby-rack
Version: 1.4.1-1
Severity: important
Tags: security patch upstream fixed-upstream

Hi,

the following vulnerability was published for ruby-rack.

CVE-2015-3225[0]:
Potential Denial of Service Vulnerability in Rack normalize_params()

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-3225

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: ruby-rack
Source-Version: 1.5.2-3+deb8u1

We believe that the bug you reported is fixed in the latest version of
ruby-rack, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Youhei SASAKI <[email protected]> (supplier of updated ruby-rack package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 Jul 2015 17:12:00 +0900
Source: ruby-rack
Binary: ruby-rack
Architecture: source all
Version: 1.5.2-3+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Ruby Extras Maintainers <[email protected]>
Changed-By: Youhei SASAKI <[email protected]>
Description:
 ruby-rack  - Modular Ruby webserver interface
Closes: 789311
Changes:
 ruby-rack (1.5.2-3+deb8u1) jessie-security; urgency=high
 .
   * Create cherry-picked patch for Security Fix (Closes: #789311).
     - CVE-2015-3225: 0001-Fix-Params_Depth.patch
       Default depth at which the parameter parser will raise an exception
       for being too deep, allows remote attackers to cause a denial of
       service (SystemStackError) via a request with a large parameter
       depth.
   * Add 0002-Add-missing-require-to-response.rb.patch.
     Add missing require of rack/body_proxy in response.rb
Checksums-Sha1:
 d6a1aa9178d58cf588ec3250c4b7dc03f624ffa0 2201 ruby-rack_1.5.2-3+deb8u1.dsc
 e679e7a3f09007e836f465d70971216fdb4ec7cd 218461 ruby-rack_1.5.2.orig.tar.gz
 d02386b87622eaf4c8aae7b64dfef0fd16c01874 7212 ruby-rack_1.5.2-3+deb8u1.debian.tar.xz
 2f4dc5fa7afd0904d6c87d1f601634879c4200be 83690 ruby-rack_1.5.2-3+deb8u1_all.deb
Checksums-Sha256:
 d9daf5e1a4220437b7a5d3bb00a3fa26edc789083add3eb75f84b6476ce9c6d4 2201 ruby-rack_1.5.2-3+deb8u1.dsc
 fd4fbd6545f9105baf62b6ea413b62d4724567c608b14de0a3a64568f81cc774 218461 ruby-rack_1.5.2.orig.tar.gz
 56b5a29247dd9748a632187bb75c7279fdec81e27f660f45c8699688e973b977 7212 ruby-rack_1.5.2-3+deb8u1.debian.tar.xz
 45412e16bc265ff50aff86ee7c4c8ee941fbe228173c075ab1e2de182a0941c1 83690 ruby-rack_1.5.2-3+deb8u1_all.deb
Files:
 fed9e8384647d7133f831adef223cd6e 2201 ruby optional ruby-rack_1.5.2-3+deb8u1.dsc
 84f6d82d041470c5c338ea06d7a01012 218461 ruby optional ruby-rack_1.5.2.orig.tar.gz
 1da39eb245aef6045ea76697a2f89125 7212 ruby optional ruby-rack_1.5.2-3+deb8u1.debian.tar.xz
 326091972d46a7f591fc72459be4fe0e 83690 ruby optional ruby-rack_1.5.2-3+deb8u1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
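The changelog above describes the fix only in one sentence: the parameter parser now has a default nesting depth at which it raises instead of recursing until Ruby throws SystemStackError. The following is an added illustration of that mechanism; it is not the ruby-rack package's source nor the cherry-picked 0001-Fix-Params_Depth.patch, but a deliberately simplified re-implementation of the bracket-key parsing that Rack::Utils#normalize_params performs. The constant PARAM_DEPTH_LIMIT (assumed default of 100), the module name ParamsDemo, and the helpers deep_query and parse_or_reject are the example's own inventions; the attacker-style query string is constructed here for the demonstration.

```ruby
# Added example: simplified normalize_params with a recursion depth guard.
# Not the ruby-rack package's code; names below are the example's own.
require 'cgi'

module ParamsDemo
  # Assumed default. Upstream Rack makes the limit configurable; 100 is the
  # value this example uses, it is not taken from the package's patch.
  PARAM_DEPTH_LIMIT = 100

  # Place value +v+ under the bracketed key +name+ inside +params+.
  # Every bracketed level costs one recursive call, so a request such as
  # a[a][a][a]...=1 drives recursion as deep as the attacker likes. The
  # +depth+ counter is the CVE-2015-3225 guard: when it reaches zero the
  # parser raises RangeError instead of exhausting the Ruby stack.
  def self.normalize_params(params, name, v, depth = PARAM_DEPTH_LIMIT)
    raise RangeError, "parameter nesting exceeds #{PARAM_DEPTH_LIMIT} levels" if depth <= 0

    name =~ %r(\A[\[\]]*([^\[\]]+)\]*)
    k = $1 || ''          # first key segment, e.g. "a" from "a[b][c]"
    after = $' || ''      # the rest, e.g. "[b][c]"

    return params if k.empty?

    if after == ''
      params[k] = v                       # plain key
    elsif after == '[]'
      params[k] ||= []                    # key[]=v appends to an array
      params[k] << v
    elsif after =~ %r(^\[\]\[([^\[\]]+)\]$) || after =~ %r(^\[\](.+)$)
      child_key = $1                      # key[][sub]=v: array of hashes
      params[k] ||= []
      if params[k].last.is_a?(Hash) && !params[k].last.key?(child_key)
        normalize_params(params[k].last, child_key, v, depth - 1)
      else
        params[k] << normalize_params({}, child_key, v, depth - 1)
      end
    else
      params[k] ||= {}                    # key[sub]...: recurse one level down
      params[k] = normalize_params(params[k], after, v, depth - 1)
    end
    params
  end

  # Parse a query string into nested hashes/arrays, Rack-style.
  def self.parse_nested_query(qs)
    params = {}
    (qs || '').split('&').each do |pair|
      k, v = pair.split('=', 2).map { |s| CGI.unescape(s) }
      normalize_params(params, k, v)
    end
    params
  end

  # Constructed attacker input: one key nested +levels+ deep, e.g.
  # deep_query(3) == "a[a][a][a]=1".
  def self.deep_query(levels)
    'a' + '[a]' * levels + '=1'
  end

  # What the application boundary should do with the guard's exception:
  # turn it into a client error rather than letting it propagate.
  def self.parse_or_reject(qs)
    [200, parse_nested_query(qs)]
  rescue RangeError => e
    [400, { 'error' => e.message }]
  end
end
```

Removing the `depth <= 0` check (or passing `Float::INFINITY` as the initial depth) restores the unbounded recursion the bug report describes: nesting is then limited only by the interpreter's stack, which is exactly the SystemStackError the changelog entry names. With the guard in place, a request nested deeper than the limit fails fast with RangeError after at most PARAM_DEPTH_LIMIT frames, and parse_or_reject shows the 400 response a Rack application should map it to.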
_______________________________________________
Pkg-ruby-extras-maintainers mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
