[DRE-maint] Bug#698440: Bug#698440: ruby-rack: CVE-2012-6109 CVE-2013-0184 CVE-2013-0183

Youhei SASAKI uwabami at gfd-dennou.org
Sat Jan 19 21:13:24 UTC 2013



Dear team member:
(Cc: BTS, security team)

I created cherry-picked patches from upstream in order to fix these CVE
issues and committed them to the team git repository. Please review for upload.

  Vcs-Git: git://git.debian.org/pkg-ruby-extras/ruby-rack.git
  Vcs-Browser: http://git.debian.org/?p=pkg-ruby-extras/ruby-rack.git;a=summary

BTW, I don't know whether these issues affect the stable packages,
librack-ruby{,1.8,1.9.1}, ver. 1.1.0-4.

# We have dropped them from SVN repos. Thus we should import them into
# team Git repos.

P.S. Thanks Moritz!

At 18 Jan 2013 15:55:23 +0100,
"Moritz Muehlenhoff" <jmm at inutil.org> wrote:
>
> Package: ruby-rack
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Please see these links for details:
> http://seclists.org/oss-sec/2013/q1/80
> http://seclists.org/oss-sec/2013/q1/83
>

Best Wishes,
- ---
Youhei SASAKI <uwabami at gfd-dennou.org>
              <uwabami at debian.or.jp>
GPG fingerprint:
  4096/RSA: 66A4 EA70 4FE2 4055 8D6A C2E6 9394 F354 891D 7E07


