Your message dated Wed, 29 Nov 2017 10:05:12 +0000
with message-id <[email protected]>
and subject line Bug#882034: fixed in ruby-redis-store 1.1.6-2
has caused the Debian Bug report #882034,
regarding ruby-redis-store: CVE-2017-1000248
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
882034: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882034
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ruby-redis-store
Version: 1.1.6-1
Severity: grave
Tags: patch security upstream
Forwarded: https://github.com/redis-store/redis-store/issues/289
Control: found -1 1.3.0-1

Hi,

the following vulnerability was published for ruby-redis-store.

CVE-2017-1000248[0]:
| Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-1000248
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000248
[1] https://github.com/redis-store/redis-store/issues/289

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: ruby-redis-store
Source-Version: 1.1.6-2

We believe that the bug you reported is fixed in the latest version of
ruby-redis-store, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Cédric Boutillier <[email protected]> (supplier of updated ruby-redis-store package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 Nov 2017 10:09:20 +0100
Source: ruby-redis-store
Binary: ruby-redis-store
Architecture: source
Version: 1.1.6-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <[email protected]>
Changed-By: Cédric Boutillier <[email protected]>
Description:
 ruby-redis-store - redis stores for Ruby frameworks
Closes: 882034
Changes:
 ruby-redis-store (1.1.6-2) unstable; urgency=medium
 .
   * Team upload
   * Gpb configuration for unstable
   * Add upstream patch to fix CVE-2017-1000248, allowing unsafe objects to be
     loaded from redis (Closes: #882034)
   * Use https:// in Vcs-* fields
   * Bump Standards-Version to 4.1.1 (no changes needed)
   * Bump debhelper compatibility level to 10

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
_______________________________________________
Pkg-ruby-extras-maintainers mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
