Your message dated Tue, 06 Aug 2013 12:36:10 +0000 with message-id <e1v6guk-0005dk...@franck.debian.org> and subject line Bug#714543: fixed in ruby1.9.1 1.9.3.194-8.2 has caused the Debian Bug report #714543, regarding ruby1.9.1: CVE-2013-4073: Hostname check bypassing vulnerability in SSL client to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 714543: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714543 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: ruby1.9.1 Severity: grave Tags: security upstream patch fixed-upstream Hi, the following vulnerability was published for ruby1.9.1. CVE-2013-4073[0]: Hostname check bypassing vulnerability in SSL client If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4073 http://security-tracker.debian.org/tracker/CVE-2013-4073 [1] http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/ [2] https://github.com/ruby/ruby/commit/2669b84d407ab431e965145c827db66c91158f89 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: ruby1.9.1 Source-Version: 1.9.3.194-8.2 We believe that the bug you reported is fixed in the latest version of ruby1.9.1, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 714...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated ruby1.9.1 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 07 Jul 2013 10:37:03 +0200 Source: ruby1.9.1 Binary: ruby1.9.1 libruby1.9.1 libruby1.9.1-dbg ruby1.9.1-dev libtcltk-ruby1.9.1 ruby1.9.1-examples ri1.9.1 ruby1.9.1-full ruby1.9.3 Architecture: source all amd64 Version: 1.9.3.194-8.2 Distribution: unstable Urgency: high Maintainer: akira yamada <ak...@debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Description: libruby1.9.1 - Libraries necessary to run Ruby 1.9.1 libruby1.9.1-dbg - Debugging symbols for Ruby 1.9.1 libtcltk-ruby1.9.1 - Tcl/Tk interface for Ruby 1.9.1 ri1.9.1 - Ruby Interactive reference (for Ruby 1.9.1) ruby1.9.1 - Interpreter of object-oriented scripting language Ruby ruby1.9.1-dev - Header files for compiling extension modules for the Ruby 1.9.1 ruby1.9.1-examples - Examples for Ruby 1.9 ruby1.9.1-full - Ruby 1.9.1 full installation ruby1.9.3 - Interpreter of object-oriented scripting language Ruby, version 1 Closes: 714543 Changes: ruby1.9.1 (1.9.3.194-8.2) unstable; urgency=high . * Non-maintainer upload. * Add CVE-2013-4073.patch patch. CVE-2013-4073: Fix hostname check bypassing vulnerability in SSL client. (Closes: #714543) Checksums-Sha1: f5dc95da0ae85b192f74c44b8c4a201259554d85 2642 ruby1.9.1_1.9.3.194-8.2.dsc 6eae9838af85c481640238e7495152a8b1379812 63649 ruby1.9.1_1.9.3.194-8.2.debian.tar.gz 8789cb43da27b12e77b67fed4712bbf957d48a42 225714 ruby1.9.1-examples_1.9.3.194-8.2_all.deb 2e4c6460830d36172f231a905ad9b85bcfb0940c 1675152 ri1.9.1_1.9.3.194-8.2_all.deb a3edb6bd7400b607abac00d4613df6ca5e5d36ca 172038 ruby1.9.1-full_1.9.3.194-8.2_all.deb c0c99863eda74de00b22add6b8e0ebcc2993dce2 172516 ruby1.9.3_1.9.3.194-8.2_all.deb 65b90eeeb17fa0032a28a627849818e74ca04619 208254 ruby1.9.1_1.9.3.194-8.2_amd64.deb ee145e49c588ee6aca12ac6e78c654f805b494f1 2921372 libruby1.9.1_1.9.3.194-8.2_amd64.deb 7c07af934b4a24569dc4b2a726affa8a4360312b 4228602 libruby1.9.1-dbg_1.9.3.194-8.2_amd64.deb 0c16b335e8e76c844b8ab2882abc3ba0c48d4c75 1035872 ruby1.9.1-dev_1.9.3.194-8.2_amd64.deb d3eb70de0dba30d6f677bbdc9e63316f21c46bca 1565682 libtcltk-ruby1.9.1_1.9.3.194-8.2_amd64.deb Checksums-Sha256: c35cda8aaaed13280b769ca29eb0c8aa26e6c613ec888627a5699267330be02e 2642 ruby1.9.1_1.9.3.194-8.2.dsc 75e718b7227c493176f8ed5ace84c3ee27a2cdec92fc50175e2ed1301ff36cc2 63649 ruby1.9.1_1.9.3.194-8.2.debian.tar.gz daa08c2a4adf93ed7629825f20c8cdbb111daadad3bb3d38e241e8cb8b9a03c7 225714 ruby1.9.1-examples_1.9.3.194-8.2_all.deb 9c5c56098aa59960803294441b60d8474eefb71fe64c4c6c666012b927cabaa5 1675152 ri1.9.1_1.9.3.194-8.2_all.deb 1fbe71597cf5e6a903256ec81e43dd6304a322a27a8a04226924e7ee7333a388 172038 ruby1.9.1-full_1.9.3.194-8.2_all.deb a1dd477dfebc41c5e408a2c342d65586d469e0d9d34d5cf3389d477e94bcce80 172516 ruby1.9.3_1.9.3.194-8.2_all.deb 660d2c596dc7a158b03dc9c7dfb3c6f0298f45e25ecddfbcf7a4e27d6e0901e6 208254 ruby1.9.1_1.9.3.194-8.2_amd64.deb 98673fce1808bdaa398c14213a7cb8e73db7c9482a51da0241358767281c5580 2921372 libruby1.9.1_1.9.3.194-8.2_amd64.deb 4ea25b5ba32305db17388c59993dbcd49278c07327b454bb2d928c78713f1477 4228602 libruby1.9.1-dbg_1.9.3.194-8.2_amd64.deb 3be67812296bb4d7135c2ae585d0b129d3c05e5c89a074e48569856abd274b27 1035872 ruby1.9.1-dev_1.9.3.194-8.2_amd64.deb cef994ca5cb856ed034c22a510518fdc20982873bffcdbf3f6898a39c4d04dfb 1565682 libtcltk-ruby1.9.1_1.9.3.194-8.2_amd64.deb Files: 01164c92d20203329635803975e51e60 2642 ruby optional ruby1.9.1_1.9.3.194-8.2.dsc 2983b48c0fc420a91e69d8397d4c3f8a 63649 ruby optional ruby1.9.1_1.9.3.194-8.2.debian.tar.gz 116fc45f60855a6a155c724a01174b94 225714 ruby optional ruby1.9.1-examples_1.9.3.194-8.2_all.deb 3ec71ae441ec3cbb8591ba31695febe0 1675152 ruby optional ri1.9.1_1.9.3.194-8.2_all.deb 394b927bfa6d7b5da9f01e7fed79d479 172038 ruby optional ruby1.9.1-full_1.9.3.194-8.2_all.deb 39165e95b0f71c7b589d9031584bface 172516 ruby optional ruby1.9.3_1.9.3.194-8.2_all.deb 7747e416f189e6d76658f20b98389e37 208254 ruby optional ruby1.9.1_1.9.3.194-8.2_amd64.deb e18a6585f5158549dd66834a1c820eba 2921372 libs optional libruby1.9.1_1.9.3.194-8.2_amd64.deb 3f170bc1c82b0e6e20a1053577d6a5d3 4228602 debug extra libruby1.9.1-dbg_1.9.3.194-8.2_amd64.deb e1e05e29e7186774a76a566ccbb668b9 1035872 ruby optional ruby1.9.1-dev_1.9.3.194-8.2_amd64.deb b7cc8c689fb8183f2b0a9bc075cc54f2 1565682 ruby optional libtcltk-ruby1.9.1_1.9.3.194-8.2_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJR/PPwAAoJEHidbwV/2GP+lNAQAJtAqAtiFONk2jSJ45vYK+xN l7PgdidJAXtn1Nv/42ycPjYtpGHqudbRHbXbJRQMExdojBU9rjEX+mbzGtj6ZCAR KxU+RSkvgB6wcNTfB1qgSCwJLDcu/UNH28/YoEhdPKh1PMp3iU0d1mU4+Ez7jbUK 1wm8FdJdQaeLzHu+OH/1XJ6Z5HQVcEdEA2wIzau/wOLV87i3xPTqh/aoigNaU6J1 fZrI6EQ5Y7lGX9G82/VZv5yftAbCuDEqCxGasXF41hjSQUN4niNQmegvQUgPMysZ +seExBT6YpNVX/ZzvriMzlKSNUcID2psXom0kShl5rTGUi73v6fjBZCaNWjihqN/ e0WHdwtivP32j3635M3mfFGUOrJvOe2DHAyvr6BK1kFp3HX1f1e/n0l87b9u5Gpn ZQkbWA1U0c5cfuI+8mepicvlKBdzGqtucKBrqkgv2VGSHU5GKwdl0l3fMGmzX0Ja cJ+6qk9kCUvIJySPAeLaFO6b831h/UZzGa0IFlKua0jUxnp8uyWR0Ln4Vmc65OyV yU+HAWZp1k7Ek8TKa2q0JWQagq+W4tRzVPjEQAGh3u18lYncPB0ATLrbJa0O0lor ABQGGT32ZnxgxZplb2BxvRyE+QrFvBQsS1aHwszU1LGzqBtCR66v9L7UzHOU77R7 9ugbKcu9gjVYQy1MYJT1 =5NSt -----END PGP SIGNATURE-----
--- End Message ---
