Bug#730178: marked as done (ruby1.9.1: CVE-2013-4164 Heap Overflow in Floating Point Parsing)

Thu, 05 Dec 2013 13:22:43 -0800 

Your message dated Thu, 05 Dec 2013 21:17:49 +0000
with message-id <[email protected]>
and subject line Bug#730178: fixed in ruby1.9.1 1.9.3.194-8.1+deb7u2
has caused the Debian Bug report #730178,
regarding ruby1.9.1: CVE-2013-4164 Heap Overflow in Floating Point Parsing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
730178: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730178
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: ruby1.9.1
Severity: grave
Tags: security

Hi,

The follow vulnerability was published for ruby:

CVE-2013-4164: Heap Overflow in Floating Point Parsing
https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/

--- End Message ---
--- Begin Message --- 
Source: ruby1.9.1
Source-Version: 1.9.3.194-8.1+deb7u2

We believe that the bug you reported is fixed in the latest version of
ruby1.9.1, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Antonio Terceiro <[email protected]> (supplier of updated ruby1.9.1 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 01 Dec 2013 23:28:34 -0300
Source: ruby1.9.1
Binary: ruby1.9.1 libruby1.9.1 libruby1.9.1-dbg ruby1.9.1-dev 
libtcltk-ruby1.9.1 ruby1.9.1-examples ri1.9.1 ruby1.9.1-full ruby1.9.3
Architecture: source all amd64
Version: 1.9.3.194-8.1+deb7u2
Distribution: stable-security
Urgency: low
Maintainer: akira yamada <[email protected]>
Changed-By: Antonio Terceiro <[email protected]>
Description: 
 libruby1.9.1 - Libraries necessary to run Ruby 1.9.1
 libruby1.9.1-dbg - Debugging symbols for Ruby 1.9.1
 libtcltk-ruby1.9.1 - Tcl/Tk interface for Ruby 1.9.1
 ri1.9.1    - Ruby Interactive reference (for Ruby 1.9.1)
 ruby1.9.1  - Interpreter of object-oriented scripting language Ruby
 ruby1.9.1-dev - Header files for compiling extension modules for the Ruby 1.9.1
 ruby1.9.1-examples - Examples for Ruby 1.9
 ruby1.9.1-full - Ruby 1.9.1 full installation
 ruby1.9.3  - Interpreter of object-oriented scripting language Ruby, version 1
Closes: 730178
Changes: 
 ruby1.9.1 (1.9.3.194-8.1+deb7u2) stable-security; urgency=low
 .
   [ Raphaƫl Hertzog ]
   * debian/patches/CVE-2013-4164.patch: add upstream patch to fix heap
     overflow in floating point parsing. Closes: #730178
Checksums-Sha1: 
 8d5182b3f081663a77d5f599dbe219fcc9f48cd2 2670 
ruby1.9.1_1.9.3.194-8.1+deb7u2.dsc
 f97a8a3477fd442edef536dadd88a6dd9181d923 66747 
ruby1.9.1_1.9.3.194-8.1+deb7u2.debian.tar.gz
 27f7339d9919c2c55a869d4a2525443a0da1ee25 233500 
ruby1.9.1-examples_1.9.3.194-8.1+deb7u2_all.deb
 a6614616a212fbcb51f970d76c3786325af780fa 2173776 
ri1.9.1_1.9.3.194-8.1+deb7u2_all.deb
 2d31aa9ea07079f854fb4d7cb1d88b8b7bbd1eab 171562 
ruby1.9.1-full_1.9.3.194-8.1+deb7u2_all.deb
 606ec6388464be749a0506f1e666f80bd79a2d64 172140 
ruby1.9.3_1.9.3.194-8.1+deb7u2_all.deb
 80c4f04dfa18e31e7c87257d0b3d136f20536f55 208562 
ruby1.9.1_1.9.3.194-8.1+deb7u2_amd64.deb
 9086807e55f3a8476efa819f14fbe6b84989056d 4414732 
libruby1.9.1_1.9.3.194-8.1+deb7u2_amd64.deb
 8bca680be1e21490cb7dca6c4a8f58892d094d57 4564868 
libruby1.9.1-dbg_1.9.3.194-8.1+deb7u2_amd64.deb
 88d20c0d85fc8c0b8e57f20a041a14d57eed832f 1384504 
ruby1.9.1-dev_1.9.3.194-8.1+deb7u2_amd64.deb
 ee59e51c6a1dd6d3d13140ae23a8aa94757622f0 1959512 
libtcltk-ruby1.9.1_1.9.3.194-8.1+deb7u2_amd64.deb
Checksums-Sha256: 
 bf6a5b0ebbc0d288885b132d3185a738f1c0af5ac065e36d7e3d758795b5c512 2670 
ruby1.9.1_1.9.3.194-8.1+deb7u2.dsc
 0e5ea3d2fd27128c32cf203dfb60b5b02d896321ac7f6ece5482c0425f432b0e 66747 
ruby1.9.1_1.9.3.194-8.1+deb7u2.debian.tar.gz
 c2a17f44566e0b82d14fde4aa04a8d7ba51d32f1ca9d056c73636ace51c3ba0c 233500 
ruby1.9.1-examples_1.9.3.194-8.1+deb7u2_all.deb
 6d6b2611d677609d58804a867a9c757115e718f877098957e7341bea95429d51 2173776 
ri1.9.1_1.9.3.194-8.1+deb7u2_all.deb
 a10a845fc530e38d59b15c7ef3b41772c058692dca0709e28064ee890573edaa 171562 
ruby1.9.1-full_1.9.3.194-8.1+deb7u2_all.deb
 2c037f68ae3a010e9a18bf872d16f05aad49d80f25d996a8c0f9e1df6dff19f5 172140 
ruby1.9.3_1.9.3.194-8.1+deb7u2_all.deb
 5f49e26916d5b32e50e8d0f114f4eb78e8e91a5b19dc42719a3d13008903029e 208562 
ruby1.9.1_1.9.3.194-8.1+deb7u2_amd64.deb
 dadb20714a4d1d19e88e72dbfa9e1dbd89b58f537d4615d84f910f33ddbda5d8 4414732 
libruby1.9.1_1.9.3.194-8.1+deb7u2_amd64.deb
 debd67db9e904b784c03ce40c2e091280161380a5c89dcedf36014a1a266ac3d 4564868 
libruby1.9.1-dbg_1.9.3.194-8.1+deb7u2_amd64.deb
 c7d7f61585bf383a06551b83bfa7777fd686b08a1c6b1c9991407a9b3d6a696d 1384504 
ruby1.9.1-dev_1.9.3.194-8.1+deb7u2_amd64.deb
 12f969d5307f968f6bf2718e7ac2b8568dc088898bd168397d423060f472788a 1959512 
libtcltk-ruby1.9.1_1.9.3.194-8.1+deb7u2_amd64.deb
Files: 
 88c1e8646e311c2a7b3994ca39fe0fda 2670 ruby optional 
ruby1.9.1_1.9.3.194-8.1+deb7u2.dsc
 9364c7c972a4dc89a3d5edd663271379 66747 ruby optional 
ruby1.9.1_1.9.3.194-8.1+deb7u2.debian.tar.gz
 41b184c4eade8497673f1894c24bd9e9 233500 ruby optional 
ruby1.9.1-examples_1.9.3.194-8.1+deb7u2_all.deb
 1d51ac02ee37305f91a8398c7d24f339 2173776 ruby optional 
ri1.9.1_1.9.3.194-8.1+deb7u2_all.deb
 4ba0cb5beaa91a7d5539a8089ae1d2e0 171562 ruby optional 
ruby1.9.1-full_1.9.3.194-8.1+deb7u2_all.deb
 2ff12a524d77b2ad2ed71b46a5818dc2 172140 ruby optional 
ruby1.9.3_1.9.3.194-8.1+deb7u2_all.deb
 325b76f6c0ef18b866642b081f0617b7 208562 ruby optional 
ruby1.9.1_1.9.3.194-8.1+deb7u2_amd64.deb
 d531ee69c33a187fc1b54f4555de82df 4414732 libs optional 
libruby1.9.1_1.9.3.194-8.1+deb7u2_amd64.deb
 9292e5f890409f127bd194501ae2f7b8 4564868 debug extra 
libruby1.9.1-dbg_1.9.3.194-8.1+deb7u2_amd64.deb
 4ffa005ed1b4b686bad417aa323db2c8 1384504 ruby optional 
ruby1.9.1-dev_1.9.3.194-8.1+deb7u2_amd64.deb
 f64792f7bc9bf4252833b5f1717d7ab0 1959512 ruby optional 
libtcltk-ruby1.9.1_1.9.3.194-8.1+deb7u2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBCAAGBQJSnFruAAoJEPwNsbvNRgve8f4QAPV4UyBp1zj1gJEiSuulQfEh
cRKnhHEI44EEajwwePQR0hUcr/mkKJ9pS/m0tsjjc8p0wDxCU/L7fz76nZAokoKj
NIwJZxEM1W+kCKp2+Vkt9mf5j3OaROXenPMhgJS3qUn9lCZu5nxDVFcwbUzYFda0
10KtRqsPuZvIIz99FlEJN53Er+wAXEqEP52rQRRJvgOOwKlxnarMR8OEjbKsB+Dc
YulJmoayK8XwmPQnXVlbMShyx8GM6SNbtVk+QwNfi03LgeeuGIkR3wGjbtOziTvU
I+PMjXwqC6+WhpNv975jDSz6D/K61ya+22ubJsk6GKeqjIO0S1hb7lD5ZkEYJDSX
3jbXgcrnOEUhyNGLpQmqpD64IRs41TUQ0PUS+0Tbankd1HXlyQgjNjdyY8ANh9v4
nh00x6n3wPb5HRptT8efHWfvFUpp+4qP/v1onqEfD1/NQu9wwhA4Ds1JHIqn1AoU
ije4ZFR9GB6Ezljj1UKj5Az+SOnzqGUJ7esV7L8TKV+OxjQeYWa29T++qP8ZDfT0
SHvlTDvp77tf7p9YrEZhyiAwHDemKtdu0TB+AJv9j4cTyk0iAXvAUQmRRa/uN1nL
Xy1IzcEV4tnxUgtfJQ5CrnUo7xtcDv0a20z7GD8B2qFXsPXEn3j+L7BYPeiwsU3I
1wuLGwPVdApaMXfIj5zb
=PYei
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to