Your message dated Thu, 20 Sep 2012 22:17:59 +0000 with message-id <e1tep4j-0003c5...@franck.debian.org> and subject line Bug#686867: fixed in jruby 1.5.6-4 has caused the Debian Bug report #686867, regarding jruby: CVE-2011-4838 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 686867: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686867 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: jruby Severity: grave Tags: security Justification: user security hole Hi, jruby in Wheezy is still affected by http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4838 http://www.nruns.com/_downloads/advisory28122011.pdf Since Wheezy already has 1.6.5, updating to 1.6.5.1 seems like a good idea? Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: jruby Source-Version: 1.5.6-4 We believe that the bug you reported is fixed in the latest version of jruby, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 686...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. tony mancill <tmanc...@debian.org> (supplier of updated jruby package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Thu, 20 Sep 2012 13:36:31 -0700 Source: jruby Binary: jruby Architecture: source all Version: 1.5.6-4 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: tony mancill <tmanc...@debian.org> Description: jruby - 100% pure-Java implementation of Ruby Closes: 686867 Changes: jruby (1.5.6-4) unstable; urgency=medium . * Team upload. * Add patch for CVE-2011-4838 (Closes: #686867) - Thanks to Moritz Muehlenhoff Checksums-Sha1: 9753adb8aa9532f77beb71108dcddf1962f939e2 2281 jruby_1.5.6-4.dsc 900afd94a1301d6ecbff3993f01d551e496eb01e 29503 jruby_1.5.6-4.debian.tar.gz a4b68b42e72e9deb049bdf54467c34b18f5cd385 8912168 jruby_1.5.6-4_all.deb Checksums-Sha256: e56f79085cb8429be292bb1288a24dac15308b6e2810dd086806290e4ecf84a7 2281 jruby_1.5.6-4.dsc b704d051e046b718db6eb32d7d31541a47cd47d3558242681f867ebff9141d60 29503 jruby_1.5.6-4.debian.tar.gz 8fd0f27a65164c610e2d09ad4126e6cd088b5a19a384cb543ea9cff9c0419473 8912168 jruby_1.5.6-4_all.deb Files: 7e0ca248c7dbb64d03429b540e740bc7 2281 ruby optional jruby_1.5.6-4.dsc c2729773cfbe2ce044a497fe4b7159dc 29503 ruby optional jruby_1.5.6-4.debian.tar.gz 7024648f4b05c9273ab1fb1d4803968b 8912168 ruby optional jruby_1.5.6-4_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBAgAGBQJQW5ChAAoJECHSBYmXSz6WBRAQAJiiZwnJh86fRAs+FoEDSJGe h8h0SQfOumGFQ8sqx3siMskLRlBTEkaIUDuqyRqMqTyHWLzaZE+uG2DpmQ/8vAXt eKQWnWKEAbE5eZAsNIy+MpbaSkjbtATvlnizKwiO+9xKqTg9FYaC1dBh46h7cNIu C0d+J++XtYjBI+aJQILdh0HFP6wNQBGv9Wyy52fwdF9Wv5s+Ny8zUmh1dqjPCCg4 U8spIUdcEyQhsqjnwVjnJAvNXoo/dhQPoJ5xED6oGHQCZwl+nEj/mI8nlKh3zpCr qilr7b3dZ2tfZE1VJrjAQlY5LPuqJiJC6A4h+5ResrDpiQPJZSX0Gwc1oVjGu6p8 iBdXUFQFU25/JKLVS19ABsVPb1WT26Jh/YfmvvIaXXY6Yxh8zaHOieuqxZsOWo7Q OVlIZHTz/KZtOz480LfgCt8DkUKaHUpD2nh4HciEfhXzyuhAB7Wl4ZVs9yUoy7XX wRM58bBXV4AU67WQ/R1c2j/z3JbffnCe3dWElFtkzQGJQOPFKFnFO+qhaoSpakXl msFmlpIqvBYNxrG25KoBUiKIkj4ARSHDu3OEhDdu5KEfs4YCdYj7+jkG1yhohDVo dHiuh9tGFDKkaFwK1DdTrqsE3SydVDlzeckLs5JoISWvjqhMc4+pOzLN3D88CXlZ cm9W6aD4foY6Gs1qZYYW =HMfK -----END PGP SIGNATURE-----
--- End Message ---
__ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
