Your message dated Sat, 14 Jul 2018 13:02:33 +0000
with message-id <[email protected]>
and subject line Bug#901913: fixed in ruby-sprockets 3.7.0-1+deb9u1
has caused the Debian Bug report #901913,
regarding CVE-2018-3760
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
901913: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901913
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ruby-sprockets
Severity: grave
Tags: security
Hi,
please see http://www.openwall.com/lists/oss-security/2018/06/19/2
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: ruby-sprockets
Source-Version: 3.7.0-1+deb9u1
We believe that the bug you reported is fixed in the latest version of
ruby-sprockets, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated ruby-sprockets
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 05 Jul 2018 23:29:49 +0200
Source: ruby-sprockets
Binary: ruby-sprockets
Architecture: source
Version: 3.7.0-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Ruby Extras Maintainers
<[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 901913
Description:
ruby-sprockets - Rack-based asset packaging system
Changes:
ruby-sprockets (3.7.0-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Do not respond to http requests asking for a `file://` (CVE-2018-3760)
(Closes: #901913)
Checksums-Sha1:
cb8d8d5abd67cad9d0601e982a5f9864205fa192 2344 ruby-sprockets_3.7.0-1+deb9u1.dsc
9ad7b23911ddb9860376036afd39cbdd921e74fe 70453 ruby-sprockets_3.7.0.orig.tar.gz
d9cdb0b35f5aa8d7c8997b0d6327cc5eab95ffad 4376
ruby-sprockets_3.7.0-1+deb9u1.debian.tar.xz
fcedef4b5a3f62c498ebde3afb91292ce410c88e 5752
ruby-sprockets_3.7.0-1+deb9u1_source.buildinfo
Checksums-Sha256:
d14463e1e23261fb10613e96928b2a76b55eeac6c9fdea40c4c2696c5098f3b2 2344
ruby-sprockets_3.7.0-1+deb9u1.dsc
6add73c1003196ecdd762e54230f63ca78fab26919ae7ed1170e9cb84bb506ed 70453
ruby-sprockets_3.7.0.orig.tar.gz
50d280eab840bd837b1c7fe6af312b63e5978d9f48fb97633edf7fb5af8f9488 4376
ruby-sprockets_3.7.0-1+deb9u1.debian.tar.xz
61f35971e26f3c3886781d571d5833defdc96a34b45ce7b2f894500ab4d82984 5752
ruby-sprockets_3.7.0-1+deb9u1_source.buildinfo
Files:
79bab0e80ae75ff456a26b81d016ace9 2344 ruby optional
ruby-sprockets_3.7.0-1+deb9u1.dsc
461c7ff4b50b6136c914056fa459af39 70453 ruby optional
ruby-sprockets_3.7.0.orig.tar.gz
e1846ed8d432132c9e42e4a46b81bf81 4376 ruby optional
ruby-sprockets_3.7.0-1+deb9u1.debian.tar.xz
5edcea919cee8a99dc3eb53c5a94833e 5752 ruby optional
ruby-sprockets_3.7.0-1+deb9u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAltB0lNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EfOAP/16M2jXPkDwlXxGh86+z7NRQ8SqZItqW
XsK6SpOnxLPRgYPn1ZDGNfub+ryOpJLvUBMtiYREN7IMidTOWOXoL78YtKGz73K4
gLmEkmfQ+vY0tl4PmFuWr0O+MIueizhP2P77AKGWdpZEvwwLx7y3DVEmD3qWbwcj
YWwFwVYwqOTc/i+2k2vwW7y3MgMnHt5quLHgv3KGdnHj8K/KEkltH2j8whmTSV0N
pYASQCzv+db/fx8Q1U1yaqxzU/7uGfH8juE6kD5pFOwA0wB6gBsvKd7y5nt5HbrJ
B8O+U8N0cSWfkqRAfPYNYH7VEylKD9yZPSBTIoJb492nuBbh+dOqDes4SGefiaPM
bCtViVvPu5jK8p96FNxWT6xyX2x4X66khoc1F2Qj+qv9SizzsN7aO0XwGxgO0UEy
WppdHt4dGEpFbynMuzm6BTz9ZT1hIB2yjrlVeI69hhijFsen5Q48v7ugN8wD7UCX
D/jX/Kevwta3HsPTG9su9lmyDAvb+PrKfAMrTxPUgLtnrRXTRlcFKm5O5TkzeTL+
Z8ySD4Qde6QsqkqCNyAlu9F147nO37VDbxMT/MVnXKIj6GUBFPTJPzU0aPRnu0WF
b46yYHRvADmmFscJvgLjPwxMR9K3Vrxj4oMZkJRGdWvan/uAm7Dux+X5Y+nXfRmT
NwFkWdquq1Ea
=JCC+
-----END PGP SIGNATURE-----
--- End Message ---