Your message dated Fri, 02 Mar 2018 22:47:17 +0000
with message-id <e1ertsp-000hik...@fasolo.debian.org>
and subject line Bug#882034: fixed in ruby-redis-store 1.1.6-1+deb9u1
has caused the Debian Bug report #882034,
regarding ruby-redis-store: CVE-2017-1000248
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
882034: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882034
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ruby-redis-store
Version: 1.1.6-1
Severity: grave
Tags: patch security upstream
Forwarded: https://github.com/redis-store/redis-store/issues/289
Control: found -1 1.3.0-1

Hi,

the following vulnerability was published for ruby-redis-store.

CVE-2017-1000248[0]:
| Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-1000248
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000248
[1] https://github.com/redis-store/redis-store/issues/289

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: ruby-redis-store
Source-Version: 1.1.6-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
ruby-redis-store, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 882...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Cédric Boutillier <bou...@debian.org> (supplier of updated ruby-redis-store package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


Format: 1.8
Date: Fri, 01 Dec 2017 17:22:29 +0100
Source: ruby-redis-store
Binary: ruby-redis-store
Architecture: source
Version: 1.1.6-1+deb9u1
Distribution: stretch
Urgency: high
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Cédric Boutillier <bou...@debian.org>
Description:
 ruby-redis-store - redis stores for Ruby frameworks
Closes: 882034
Changes:
 ruby-redis-store (1.1.6-1+deb9u1) stretch; urgency=high
 .
   * Team upload
   * Add upstream patch to fix CVE-2017-1000248, allowing unsafe objects to be
     loaded from redis (Closes: #882034)

--- End Message ---