[DRE-maint] Bug#864651: passenger: CVE-2015-7519: Header overwriting issue

Loic Gomez debian at kyoshiro.org
Mon Jun 12 13:28:46 UTC 2017


Package: ruby-passenger
Version: 4.0.53-1
Severity: important
Tags: security upstream patch

Hi,

The following vulnerability was published for passenger and fixed in Squeeze
and Stretch. It has not been fixed in Jessie or Wheezy as the source packages
differ, hence this report.

https://security-tracker.debian.org/tracker/CVE-2015-7519
Header overwriting issue

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:
https://security-tracker.debian.org/tracker/CVE-2015-7519
https://bugzilla.suse.com/show_bug.cgi?id=956281
https://github.com/phusion/passenger/commit/ddb8ecc4ebf260e4967f57f271d4f5761abeac3e
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807354

Cheers,

Loic

-- System Information:
Debian Release: 8.8
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.10.0-22-generic
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages ruby-passenger depends on:
ii  libc6        2.19-18+deb8u9
ii  libcurl3     7.38.0-4+deb8u5
ii  libev4       1:4.15-3
ii  libgcc1      1:4.9.2-10
ii  libjsoncpp0  0.6.0~rc2-3.1
ii  libruby2.1   2.1.5-2+deb8u3
ii  libstdc++6   4.9.2-10
ii  ruby         1:2.1.5+deb8u2
ii  ruby-rack    1.5.2-3+deb8u1
ii  zlib1g       1:1.2.8.dfsg-2+b1

ruby-passenger recommends no packages.

Versions of packages ruby-passenger suggests:
pn  nodejs              <none>
ii  python              2.7.9-1
pn  rails               <none>
pn  ruby-passenger-doc  <none>

-- no debconf information


