Your message dated Sun, 19 Mar 2023 13:04:06 +0000
with message-id <e1pdshi-005tzm...@fasolo.debian.org>
and subject line Bug#1029851: fixed in ruby-globalid 0.6.0-2
has caused the Debian Bug report #1029851,
regarding ruby-globalid: CVE-2023-22799
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1029851: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029851
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ruby-globalid
Version: 0.6.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for ruby-globalid.
CVE-2023-22799[0]:
| Possible ReDoS based DoS vulnerability in GlobalID
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-22799
https://www.cve.org/CVERecord?id=CVE-2023-22799
[1] https://discuss.rubyonrails.org/t/cve-2023-22799-possible-redos-based-dos-vulnerability-in-globalid/82127
[2] https://github.com/rails/globalid/commit/3bc4349422e60f2235876a59dd415e98b072eb2b
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ruby-globalid
Source-Version: 0.6.0-2
Done: Pirate Praveen <prav...@debian.org>
We believe that the bug you reported is fixed in the latest version of
ruby-globalid, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1029...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Pirate Praveen <prav...@debian.org> (supplier of updated ruby-globalid package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 19 Mar 2023 17:58:06 +0530
Source: ruby-globalid
Architecture: source
Version: 0.6.0-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Team <pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Pirate Praveen <prav...@debian.org>
Closes: 1029851
Changes:
ruby-globalid (0.6.0-2) unstable; urgency=medium
.
* Team Upload
.
[ Debian Janitor ]
* Remove constraints unnecessary since buster (oldstable):
+ Build-Depends: Drop versioned constraint on ruby-activesupport.
.
[ Pirate Praveen ]
* Fix CVE-2023-22799 (Closes: #1029851)
* Bump Standards-Version to 4.6.2 (no changes needed)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---