Your message dated Sat, 10 May 2014 18:19:54 +0000
with message-id <[email protected]>
and subject line Bug#747382: fixed in rails-3.2 3.2.18-1
has caused the Debian Bug report #747382,
regarding rails-3.2: CVE-2014-0130: Directory Traversal Vulnerability With
Certain Route Configurations
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
747382: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747382
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: rails-3.2
Severity: grave
Tags: security upstream fixed-upstream
Justification: user security hole
Hi,

the following vulnerability was published for rails-3.2.

CVE-2014-0130[0]:
Directory Traversal Vulnerability With Certain Route Configurations

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130
    https://security-tracker.debian.org/tracker/CVE-2014-0130
[1] http://www.openwall.com/lists/oss-security/2014/05/06/12
[2] http://www.openwall.com/lists/oss-security/2014/05/06/14

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: rails-3.2
Source-Version: 3.2.18-1
We believe that the bug you reported is fixed in the latest version of
rails-3.2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Antonio Terceiro <[email protected]> (supplier of updated rails-3.2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 10 May 2014 15:11:11 -0300
Source: rails-3.2
Binary: ruby-activesupport-3.2 ruby-activerecord-3.2 ruby-activeresource-3.2
ruby-activemodel-3.2 ruby-actionpack-3.2 ruby-actionmailer-3.2
ruby-railties-3.2 ruby-rails-3.2 rails3
Architecture: source all
Version: 3.2.18-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers
<[email protected]>
Changed-By: Antonio Terceiro <[email protected]>
Description:
rails3 - MVC ruby based framework geared for web application development
ruby-actionmailer-3.2 - email composition, delivery, and receiving framework
(part of Rai
ruby-actionpack-3.2 - web-flow and rendering framework putting the VC in MVC
(part of R
ruby-activemodel-3.2 - toolkit for building modeling frameworks (part of Rails)
ruby-activerecord-3.2 - object-relational mapper framework (part of Rails)
ruby-activeresource-3.2 - REST modeling framework (part of Rails)
ruby-activesupport-3.2 - Support and utility classes used by the Rails 3.2
framework
ruby-rails-3.2 - MVC ruby based framework geared for web application
development
ruby-railties-3.2 - MVC ruby based framework geared for web application
development
Closes: 747382
Changes:
rails-3.2 (3.2.18-1) unstable; urgency=medium
.
* New upstream release.
+ Contains fix for [CVE-2014-0130] Directory Traversal Vulnerability With
Certain Route Configurations (Closes: #747382)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---