Your message dated Sun, 03 Jun 2012 21:24:26 +0000
with message-id <e1sbihi-0005dt...@franck.debian.org>
and subject line Bug#628451: fixed in ruby1.9.1 1.9.3.194-1
has caused the Debian Bug report #628451,
regarding CVE-2011-0188: arbitrary code execution
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
628451: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628451
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ruby1.9
Severity: grave
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for openswan.
CVE-2011-0188[0]:
| The VpMemAlloc function in bigdecimal.c in the BigDecimal class in
| Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7
| and other platforms, does not properly allocate memory, which allows
| context-dependent attackers to execute arbitrary code or cause a
| denial of service (application crash) via vectors involving creation
| of a large BigDecimal value within a 64-bit process, related to an
| "integer truncation issue."
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
Cheers,
Steffen
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0188
http://security-tracker.debian.org/tracker/CVE-2011-0188
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk3hvtoACgkQ62zWxYk/rQcLpwCff23GyqO9ChRxot2/jjt2fMCr
RzUAn0f6CcyulgL1YuKBrvo7ZGl3By59
=Ffgi
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: ruby1.9.1
Source-Version: 1.9.3.194-1
We believe that the bug you reported is fixed in the latest version of
ruby1.9.1, which is due to be installed in the Debian FTP archive:
libruby1.9.1-dbg_1.9.3.194-1_amd64.deb
to main/r/ruby1.9.1/libruby1.9.1-dbg_1.9.3.194-1_amd64.deb
libruby1.9.1_1.9.3.194-1_amd64.deb
to main/r/ruby1.9.1/libruby1.9.1_1.9.3.194-1_amd64.deb
libtcltk-ruby1.9.1_1.9.3.194-1_amd64.deb
to main/r/ruby1.9.1/libtcltk-ruby1.9.1_1.9.3.194-1_amd64.deb
ri1.9.1_1.9.3.194-1_all.deb
to main/r/ruby1.9.1/ri1.9.1_1.9.3.194-1_all.deb
ruby1.9.1-dev_1.9.3.194-1_amd64.deb
to main/r/ruby1.9.1/ruby1.9.1-dev_1.9.3.194-1_amd64.deb
ruby1.9.1-examples_1.9.3.194-1_all.deb
to main/r/ruby1.9.1/ruby1.9.1-examples_1.9.3.194-1_all.deb
ruby1.9.1-full_1.9.3.194-1_all.deb
to main/r/ruby1.9.1/ruby1.9.1-full_1.9.3.194-1_all.deb
ruby1.9.1_1.9.3.194-1.debian.tar.gz
to main/r/ruby1.9.1/ruby1.9.1_1.9.3.194-1.debian.tar.gz
ruby1.9.1_1.9.3.194-1.dsc
to main/r/ruby1.9.1/ruby1.9.1_1.9.3.194-1.dsc
ruby1.9.1_1.9.3.194-1_amd64.deb
to main/r/ruby1.9.1/ruby1.9.1_1.9.3.194-1_amd64.deb
ruby1.9.1_1.9.3.194.orig.tar.gz
to main/r/ruby1.9.1/ruby1.9.1_1.9.3.194.orig.tar.gz
ruby1.9.3_1.9.3.194-1_all.deb
to main/r/ruby1.9.1/ruby1.9.3_1.9.3.194-1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 628...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Antonio Terceiro <terce...@debian.org> (supplier of updated ruby1.9.1 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 02 Jun 2012 07:42:28 -0300
Source: ruby1.9.1
Binary: ruby1.9.1 libruby1.9.1 libruby1.9.1-dbg ruby1.9.1-dev
libtcltk-ruby1.9.1 ruby1.9.1-examples ri1.9.1 ruby1.9.1-full ruby1.9.3
Architecture: source all amd64
Version: 1.9.3.194-1
Distribution: unstable
Urgency: low
Maintainer: akira yamada <ak...@debian.org>
Changed-By: Antonio Terceiro <terce...@debian.org>
Description:
libruby1.9.1 - Libraries necessary to run Ruby 1.9.1
libruby1.9.1-dbg - Debugging symbols for Ruby 1.9.1
libtcltk-ruby1.9.1 - Tcl/Tk interface for Ruby 1.9.1
ri1.9.1 - Ruby Interactive reference (for Ruby 1.9.1)
ruby1.9.1 - Interpreter of object-oriented scripting language Ruby
ruby1.9.1-dev - Header files for compiling extension modules for the Ruby 1.9.1
ruby1.9.1-examples - Examples for Ruby 1.9
ruby1.9.1-full - Ruby 1.9.1 full installation
ruby1.9.3 - Interpreter of object-oriented scripting language Ruby, version 1
Closes: 628451 648055 654312 667964 669582 674347
Changes:
ruby1.9.1 (1.9.3.194-1) unstable; urgency=low
.
[ Lucas Nussbaum ]
* Add hurd-path-max.diff. Fixes FTBFS on Hurd. (Closes: #648055)
.
[ Daigo Moriwaki ]
* Removed debian/patches/debian/patches/sparc-continuations.diff,
which the upstream has applied.
* debian/rules:
- Bumped up tcltk_ver to 8.5.
- Used chrpath for tcltklib.so to fix a lintian error,
binary-or-shlib-defines-rpath.
* debian/control:
- Suggests ruby-switch. (Closes: #654312)
- Build-Depends: chrpath.
* debian/libruby1.9.1.symbols: Added a new symbol for
rb_str_modify_expand@Base.
* debian/run-test-suites.bash:
- Corrected options for test-all.
- Enabled timeout to allow hang tests to be aborted.
.
[ James Healy ]
* New upstream release: 1.9.3p194 (Closes: #669582)
+ This release includes a fix for CVE-2011-0188 (Closes: #628451)
+ This release also does not segfault when running the test suite under
amd64 (Closes: #674347)
* Enable hardened build flags (Closes: #667964)
* debian/control:
- depend on specific version on coreutils
- update policy version (no changes)
.
[ Antonio Terceiro ]
* debian/ruby1.9.1.postinst:
+ bump alternatives priority for `ruby` to 51 so that Ruby 1.9 has a
higher priority than Ruby 1.8 (50).
+ bump alternatives priority for `gem` to 181 so that the Rubygems
provided by Ruby 1.9 has priority over the one provided by the rubygems
package.
* debian/control: added myself to Uploaders:
* debian/libruby1.9.1.symbols: update with new symbols added in 1.9.3p194
upstream release.
* debian/manpages/*: fix references to command names with s/1.9/1.9.1/
* debian/rules: skip running DRB tests, since they seem to make the build
hang. This should close #647296, but let's wait and see. Also, with this we do
not need to time out the test suite anymore.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAk/LzEkACgkQDOM8kQ+cso/36wCeKqa6lGTqcfXvzM0xm4gfP9Yq
iiUAoKGAIBfx/TImsdqyxXiH6UyCYC8e
=XkfR
-----END PGP SIGNATURE-----
--- End Message ---